barthalamu

SunScreen rules not active

I must be missing something... I am using the command line to administer a SunScreen 3.2 firewall on Solaris 9. When I list the policy rules from within the policy known as 'Initial', it looks like this:

edit> list rule
1 "X11" "*" "*" ALLOW
2 "www" "*" "*" ALLOW
3 "ftp" "*" "*" ALLOW


What I am wondering about is the fact that ssh is NOT listed here, but I can ssh to this box just fine from another machine on its same subnet.  Why is this?  If it is not listed, shouldn't it get denied???  

I have verified that this is the active policy.  What's the deal??

Thanks for any help.

yuzh

Have a look at the SunScreen Admin guide to see if anything there can help you with SunScreen:

http://docs.sun.com/db/doc/806-4127

barthalamu (ASKER)

Yuzh:

Even this does not work.  I don't know why.  It seems like all the various processes are running.  I have tried rebooting, and that does not help either.

By the way, I shouldn't have to explicitly DENY services, should I??  I thought SunScreen worked like most firewalls, in that if you don't specifically ALLOW a service, it gets denied by default.  Correct me if I am wrong.

Thanks.
My mistake! Actually, it was working from the beginning... I did not have the correct policy revision (e.g. Initial.33 as opposed to Initial.28) active. Now I do. Thanks for the help.