SUMMARY: SunScreen Lite 3.1 - not working

From: Oscar Knight <>
Date: Mon Nov 19 2001 - 20:47:46 EST
Hello All,

First, I would like to thank all those that responded.  It was amazing.
The first response came in less than an hour and it had great info!  This
list rocks.

I asked two questions:

1) why was traffic getting through when it clearly should not
   based on my rules.  I was using '*' as the service for all of my rules.

   First, there is a patch for SunScreen Lite.  One of the things it
   addresses is an issue with '*' as service.   As of this writing it's

    Patch ID   Updated    Description
    109737-05  7/25/2001  SunScreen 3.1 LITE (Intel) miscellaneous fixes
    109736-05  7/25/2001  SunScreen 3.1 LITE (Sparc) miscellaneous fixes

   Available at

   And second, when using '*' as the service you lose stateful checking.
   It's best to stay away from '*' for the service.

2) how to get the logging to show which rule matched?

   You can't :(  But you can turn logging on and off, or set an SNMP trap
   for the rule you're testing.

Also, it was pointed out that Sun has a "blueprint" for using SunScreen
Lite 3.1 as a host-based firewall.  I found it very useful.  It's at

Several folks gave pointers to using the CLI for management.  The CLI is
MUCH easier to use than the GUI!

Thanks again to those that responded!
Oscar D. Knight                           
Network Support Services                              Voice: 828-262-6946
Appalachian State University, Boone, NC 28608           FAX: 828-262-2236
Received on Tue Nov 20 01:47:46 2001
