
RE: [FW1] Fw rule Q.



I consider your "stealth rule" somewhat limiting. The first rule sends a
response to anyone trying to initiate a connection with "Here I am, I'm
here, and I'm not letting you through!". The firewall should be as
transparent as possible.
Not good. Change that rule to drop.

Your second rule is denying anything out of the firewall. Why not let the
cleanup rule handle that?

I would also recommend specifying internal hosts and networks, rather than
just identifying everyone as "ANY".

I would recommend you visit Lance Spitzner's site on rule building.

http://www.enteract.com/~lspitz/pubs.html

Thomas Poole

-----Original Message-----
From: C.M. Wong [mailto:[email protected]]
Sent: Tuesday, September 05, 2000 10:15 PM
To: [email protected]
Subject: [FW1] Fw rule Q.



Hi all,

My first two rules are the default:

source  dest  traffic  action
any     fw    any      deny
fw      any   any      deny

I have a scenario whereby I need to connect from the fw to one of my
internal servers. Hence I place the rule right on top of the default 2 rules
like so:

fw      <some_ip>   <specific port>   accept   # rule 1
any     fw          any               deny     # rule 2
fw      any         any               deny     # rule 3

For some reason when I do a telnet <some_ip> <specific_port>, I get no
response. Checking the logs, rule 3 is blocking the traffic. But if I remove
rule 3, everything works and guess what, rule 0 is allowing the traffic
through and not rule 1. Huh? I know rule 0 is made up of some of the fw-1
properties settings, but I have removed the dangerous ones (like icmp, dns
etc.) on day one. Can any of you guys shed some light here on why this is
occurring?

For the record, fw-1 41 sp2 is being run. TIA.

Rgrds,
Wong.




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
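The thread turns on two properties of a FireWall-1 style rule base: rules are evaluated top down and the first match wins, and the action on the stealth rule decides whether a host probing the gateway gets an answer at all. The model below is an added example written for this page; it is not code from either post and not FireWall-1's own logic. The object names (fw, some_ip), the addresses, the use of telnet port 23 as the "specific port", the modelling of the original stealth rule as "reject", and the treatment of "rule 0" as an implied properties rule that accepts gateway-originated traffic and is consulted after the explicit rules are all assumptions made for the illustration. The port-mismatch scenario shows one way a rule-3 drop can appear in the log when rule 1 was expected to match; it is an illustration of first-match fall-through, not a diagnosis of the poster's configuration.

```python
"""First-match model of the rule base discussed in the thread.

Added example, not code from the list posts or from FireWall-1. Object
names, addresses, the telnet port and the implied "rule 0" are all
constructed assumptions for the illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

ANY = None  # "any" in the source, destination or service column


@dataclass(frozen=True)
class Rule:
    number: int          # 0 is reserved for the implied properties rule
    src: Optional[str]   # object name, or ANY
    dst: Optional[str]
    port: Optional[int]  # destination port, or ANY for "any service"
    action: str          # "accept", "drop" or "reject"


# Constructed address book: which IPs each object name stands for.
OBJECTS = {
    "fw": {"192.0.2.1", "10.0.0.1"},   # both gateway interface addresses
    "some_ip": {"10.0.0.50"},          # the internal server from the post
}


def obj_matches(obj: Optional[str], ip: str) -> bool:
    return obj is ANY or ip in OBJECTS.get(obj, set())


def rule_matches(rule: Rule, src: str, dst: str, port: int) -> bool:
    return (obj_matches(rule.src, src) and obj_matches(rule.dst, dst)
            and (rule.port is ANY or rule.port == port))


def evaluate(rules: List[Rule], src: str, dst: str,
             port: int) -> Tuple[Optional[int], str]:
    """Return (rule number, action) of the first matching rule.

    No match means the implicit cleanup rule drops the packet, which is
    why the reply calls the explicit fw -> any deny redundant.
    """
    for rule in rules:
        if rule_matches(rule, src, dst, port):
            return rule.number, rule.action
    return None, "drop"


# Wong's rule base as posted: the specific accept above the two defaults.
# The stealth rule is modelled as "reject" because the reply describes it
# as answering the sender; the suggestion in the reply is to make it "drop".
WONG_RULES = [
    Rule(1, "fw", "some_ip", 23, "accept"),
    Rule(2, ANY, "fw", ANY, "reject"),
    Rule(3, "fw", ANY, ANY, "drop"),
]

# Assumption for this example only: "rule 0" is an implied properties
# setting that accepts traffic originating from the gateway and is
# consulted after the explicit rules.
IMPLIED_RULE_0 = Rule(0, "fw", ANY, ANY, "accept")


def without(rules: List[Rule], number: int) -> List[Rule]:
    return [r for r in rules if r.number != number]


def probe_response(action: str) -> Optional[str]:
    """What a host initiating a connection to the gateway sees per action."""
    return "RST / ICMP unreachable" if action == "reject" else None


def main() -> None:
    # Telnet from the gateway to the internal server on the permitted port.
    print(evaluate(WONG_RULES, "10.0.0.1", "10.0.0.50", 23))      # (1, 'accept')
    # Same flow to a port rule 1 does not cover: rule 1 is skipped and
    # rule 3 (fw any any deny) is the first match, so the log shows rule 3.
    print(evaluate(WONG_RULES, "10.0.0.1", "10.0.0.50", 2323))    # (3, 'drop')
    # With rule 3 removed, the same flow falls through to implied rule 0.
    base = without(WONG_RULES, 3) + [IMPLIED_RULE_0]
    print(evaluate(base, "10.0.0.1", "10.0.0.50", 2323))           # (0, 'accept')
    # External probe of the gateway: reject answers, drop stays silent.
    _, action = evaluate(WONG_RULES, "203.0.113.9", "192.0.2.1", 22)
    print(probe_response(action))                                   # RST / ICMP unreachable
    quiet = [Rule(2, ANY, "fw", ANY, "drop")]
    print(probe_response(evaluate(quiet, "203.0.113.9", "192.0.2.1", 22)[1]))  # None


if __name__ == "__main__":
    main()
```

Running the script walks the three situations from the thread in order: the permitted flow hits rule 1, a flow that misses rule 1 on the service column is caught by rule 3, and the same flow reaches the implied rule once rule 3 is gone. The last two lines make the stealth-rule point concrete: a reject tells the sender the gateway exists, a drop tells it nothing.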
All contents © 2003 Network Presence, LLC. All rights reserved.