Results 1 to 6 of 6
  1. #1
    Untanglit
    Join Date
    May 2021
    Location
    Nova Scotia, CA
    Posts
    20

    Question Rules - Port - Protocol - Source - Destination

    Hello,

    Still new to Untangle and I was wondering what is the best practice or recommended way to create the rules... I noticed that the default rules after install are most likely built in this order:

    Destination port -> Protocol -> Source -> Destination

    Any impact on the performance or functionality depending on the order?

    Thanks!

  2. #2
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,935

    Default

    No performance change on order, but you do want those four things, anything less and you risk overmatch in unexpected ways.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  3. #3
    Untanglit
    Join Date
    May 2021
    Location
    Nova Scotia, CA
    Posts
    20

    Default

    Perfect, Thanks for the answer.

  4. #4
    Untanglit
    Join Date
    May 2021
    Location
    Nova Scotia, CA
    Posts
    20

    Default

    Quote Originally Posted by sky-knight View Post
    No performance change on order, but you do want those four things, anything less and you risk overmatch in unexpected ways.
    and my understanding if you allow all ports whether you put any or did not list the port as a condition would be the same right?

  5. #5
    Untangler sheck's Avatar
    Join Date
    May 2020
    Posts
    37

    Default

    Quote Originally Posted by idscomm View Post
    and my understanding if you allow all ports whether you put any or did not list the port as a condition would be the same right?
    Just don't use the port condition and it will assume all ports are forwarded. If you are using advanced mode leave the new port section blank and it will use the port it came in on.

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,935

    Default

    Quote Originally Posted by idscomm View Post
    and my understanding if you allow all ports whether you put any or did not list the port as a condition would be the same right?
    As previously indicated, if you don't want to match on a given criteria just don't have that criteria.

    Each line is connected by a logical AND, each item in each line is connected by a logical OR.

    But this is exactly the sort of thing I was trying to warn you about, removing destination port will cause all ports to forward. Which is a situation you almost never want.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2