System Administration
Tools for the toolbox
Special Cases
How do you handle the special cases?Suppose you have 3,500,000+ users and 1 donkey. Do you jump through hoops to get the donkey's stuff working, or do you redirect his output to /dev/null? Is the customer always right, or is he just special?
5:22:26 PM # Google It!
categories: System Administration
A tricky bit about Microsoft's IPsec filters
Say you have two rules. One says, from my address to any address, deny. The other says, from this address to any address, permit. The rules intersect, since "this address" is a member of the class "my address." For some reason, the denying rule takes precedence.In order for the rules to not interfere, a port number needs to be specified.
Why is this annoying? Because the more specific rule should take precedence, otherwise the generic rule won't work. In this case, however, the class "My Address" is both all local addresses and this address. The class "My Address" doesn't just contain the class "This Address": It is the class "This Address."
1:41:05 PM # Google It!
categories: Security, System Administration