Does the ARC Filter have a limit of 20 rules or something?

I am making a filter and it's erroring on line 20, and I don't see the error:

HiPer>> verify filter filter_in
FM: In filter file filter_in, protocol IP, unexpected symbols in action at line 20

Here is the first 28 or so lines................rule 170 is what it's considering line 20.

#filter
IP:
010 AND tcp-dst-port = 20;
020 PERMIT dst-addr = 208.206.76.57/32;
030 AND tcp-dst-port = 20;
040 PERMIT dst-addr = 208.206.76.58/32;
050 AND tcp-dst-port = 20;
060 PERMIT dst-addr = 208.206.76.5/32;
070 AND tcp-dst-port = 20;
080 PERMIT dst-addr = 208.206.76.13/32;
090 AND tcp-dst-port = 20;
100 PERMIT dst-addr = 208.206.76.33/32;
110 AND tcp-dst-port = 20;
120 PERMIT dst-addr = 208.206.76.45/32;

130 AND tcp-dst-port = 21;
140 PERMIT dst-addr = 208.206.76.57/32;
150 AND tcp-dst-port = 21;
160 PERMIT dst-addr = 208.206.76.58/32;
170 AND tcp-dst-port = 21;
180 PERMIT dst-addr = 208.206.76.5/32;
190 AND tcp-dst-port = 21;
200 PERMIT dst-addr = 208.206.76.13/32;
210 AND tcp-dst-port = 21;
220 PERMIT dst-addr = 208.206.76.33/32;
230 AND tcp-dst-port = 21;
240 PERMIT dst-addr = 208.206.76.45/32;

-----------------------------------------------------
Brian Feeny (BF304) signal@shreve.net
318-222-2638 x 109 http://www.shreve.net/~signal
Network Administrator ShreveNet Inc. (ASN 11881)

-
To unsubscribe to usr-tc, send an email to "majordomo@xmission.com" with "unsubscribe usr-tc" in the body of the message. For information on digests or retrieving files and old messages send "help" to the same address. Do not use quotes in your message.
Try ACCEPT instead of PERMIT.. It's line 020 that is first error...

-M

|-----Original Message-----
|From: owner-usr-tc@lists.xmission.com
|[mailto:owner-usr-tc@lists.xmission.com]On Behalf Of Brian
|Sent: Thursday, January 27, 2000 10:54 AM
|To: USRobotics TC Mailing List
|Subject: (usr-tc) ARC Filters
|
|Does the ARC Filter have a limit of 20 rules or something?
|
|I am making a filter and it's erroring on line 20, and I don't see the
|error:
|
|HiPer>> verify filter filter_in
|FM: In filter file filter_in, protocol IP, unexpected symbols in action at line 20
|
|Here is the first 28 or so lines................rule 170 is what it's
|considering line 20.
|
|#filter
|IP:
|010 AND tcp-dst-port = 20;
|020 PERMIT dst-addr = 208.206.76.57/32;
|030 AND tcp-dst-port = 20;
|040 PERMIT dst-addr = 208.206.76.58/32;
|050 AND tcp-dst-port = 20;
|060 PERMIT dst-addr = 208.206.76.5/32;
|070 AND tcp-dst-port = 20;
|080 PERMIT dst-addr = 208.206.76.13/32;
|090 AND tcp-dst-port = 20;
|100 PERMIT dst-addr = 208.206.76.33/32;
|110 AND tcp-dst-port = 20;
|120 PERMIT dst-addr = 208.206.76.45/32;
|
|130 AND tcp-dst-port = 21;
|140 PERMIT dst-addr = 208.206.76.57/32;
|150 AND tcp-dst-port = 21;
|160 PERMIT dst-addr = 208.206.76.58/32;
|170 AND tcp-dst-port = 21;
|180 PERMIT dst-addr = 208.206.76.5/32;
|190 AND tcp-dst-port = 21;
|200 PERMIT dst-addr = 208.206.76.13/32;
|210 AND tcp-dst-port = 21;
|220 PERMIT dst-addr = 208.206.76.33/32;
|230 AND tcp-dst-port = 21;
|240 PERMIT dst-addr = 208.206.76.45/32;
|
|-----------------------------------------------------
|Brian Feeny (BF304) signal@shreve.net
|318-222-2638 x 109 http://www.shreve.net/~signal
|Network Administrator ShreveNet Inc. (ASN 11881)
On Thu, 27 Jan 2000, Mike Wronski wrote:
Try ACCEPT instead of PERMIT.. It's line 020 that is first error... -M
That worked. And on my final line I had like

650 ACCEPT;

and it didn't like that, it wanted PERMIT!!

I didn't see where it explained the differences of PERMIT/ACCEPT. In the docs, it actually says:

(p. 12-5 4.2 product guide)

  Specifying the Filtering Action

  You can specify the filtering action for each protocol section that determines whether a packet is accepted or rejected if no match occurs with any of the rules defined in the section. To do so, enter one of the following values as the last rule line of the section:

  o ACCEPT
  o DENY

Yet it really wants PERMIT as the last rule, not ACCEPT. And as you pointed out, it wants you to use ACCEPT's (not PERMIT's) in your normal rules.............is there a method to the madness?

Brian
-----------------------------------------------------
Brian Feeny (BF304) signal@shreve.net
318-222-2638 x 109 http://www.shreve.net/~signal
Network Administrator ShreveNet Inc. (ASN 11881)