[Fwbuilder-discussion] FORWARD chain and interface policy
From: Tom V. O. <tva...@cc...> - 2003-04-11 10:04:27
Hi,

Can someone tell me if this assumption is right (on Linux with iptables): if I need a rule that allows traffic from a certain subnet (let's call it A) to a mailserver (on another subnet, let's call this B), which would be traffic passing only through the FORWARD chain I think, I have 3 options:

1) create an interface policy rule on the firewall NIC connected to A, specifying as source the subnet A, as destination the host B and as direction inbound, or
2) create an interface policy rule on the firewall NIC connected to B, specifying as source the subnet A, as destination the host B and as direction outbound, or
3) create a general policy rule with as source A and destination B.

I would think that the behaviour of rule 1 and 2 would be identical, even though the rules created would differ (other NICs in the rule).

The Fwbuilder FAQ says it is better to specify most of the rules in the general policy (better optimization), but I think that rule 1 and 2 would already be "spoof free", where rule 3 would need an additional rule to stop spoofing attempts.

What do you guys think?

Tom.
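The three options above, written out as the iptables FORWARD rules Fwbuilder would roughly produce, together with the anti-spoof rule that option 3 needs. This is an added example, not from the original post or from Fwbuilder; the subnet, host, interface names and SMTP port are constructed placeholders, and the check at the end only tests whether a rule set matches on the ingress interface (`-i`), which is what actually ties a claimed source address to the NIC it must arrive on.

```shell
#!/bin/sh
# Added example (not the poster's or Fwbuilder's own code).
# Constructed placeholders: RFC 5737 documentation addresses, assumed NIC names.
NET_A="192.0.2.0/24"        # subnet A
HOST_B="198.51.100.10"      # mailserver on subnet B
IF_A="eth1"                 # firewall NIC connected to subnet A
IF_B="eth2"                 # firewall NIC connected to subnet B
PORT="25"                   # assumed SMTP

# Option 1: interface policy on the NIC facing A, direction inbound.
# "-i" binds the source network to the interface it must arrive on, so a
# packet claiming to be from A on any other NIC does not match.
rule_option1() {
    echo "iptables -A FORWARD -i $IF_A -s $NET_A -d $HOST_B -p tcp --dport $PORT -j ACCEPT"
}

# Option 2: interface policy on the NIC facing B, direction outbound.
# "-o" only constrains where the packet leaves; it says nothing about
# where a packet with source A came in.
rule_option2() {
    echo "iptables -A FORWARD -o $IF_B -s $NET_A -d $HOST_B -p tcp --dport $PORT -j ACCEPT"
}

# Option 3: general policy rule with no interface match. It needs a
# preceding anti-spoof rule that drops "from A" packets not arriving on IF_A.
rule_option3() {
    echo "iptables -A FORWARD ! -i $IF_A -s $NET_A -j DROP"
    echo "iptables -A FORWARD -s $NET_A -d $HOST_B -p tcp --dport $PORT -j ACCEPT"
}

# Returns "yes" if the rule set passed as $1 matches on the ingress
# interface somewhere, i.e. it ties source A to the NIC facing A.
has_ingress_match() {
    case "$1" in
        *" -i "*) echo yes ;;
        *)        echo no ;;
    esac
}
```

Running `has_ingress_match` over each option shows that only options 1 and 3 (the latter because of its explicit anti-spoof DROP) tie source A to its arrival interface; option 2 matches the egress NIC only.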