RE: [FW1] Fw rule Q.
I consider your "stealth rule" somewhat limiting. The first rule sends a response to anyone trying to initiate a connection with "Here I am, I'm here, and I'm not letting you through!". The firewall should be as transparent as possible. Not good. Change that rule to drop.

Your second rule is denying anything out of the firewall. Why not let the cleanup rule handle that?

I would also recommend specifying internal hosts and networks, and not just identifying everyone as "ANY".

I would recommend you visit Lance Spitzner's site on rule building: http://www.enteract.com/~lspitz/pubs.html

Thomas Poole

-----Original Message-----
From: C.M. Wong [mailto:[email protected]]
Sent: Tuesday, September 05, 2000 10:15 PM
To: [email protected]
Subject: [FW1] Fw rule Q.

Hi all,

My first two rules are the default:

    source   dest   traffic   action
    any      fw     any       deny
    fw       any    any       deny

I have a scenario whereby I need to connect from the fw to one of my internal servers. Hence I placed the rule right on top of the default 2 rules, like so:

    fw       <some_ip>   <specific port>   accept   # rule 1
    any      fw          any               deny     # rule 2
    fw       any         any               deny     # rule 3

For some reason, when I do a telnet <some_ip> <specific_port>, I get no response. Checking the logs, rule 3 is blocking the traffic. But if I remove rule 3, everything works and, guess what, rule 0 is allowing the traffic through and not rule 1. Huh?

I know rule 0 is some of the FW-1 properties settings, but I have removed the dangerous ones (like icmp, dns etc.) on day one.

Can any of you guys shed a light here on why this is occurring?

For the record, FW-1 4.1 SP2 is being run.

TIA.

Rgrds,
Wong.
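The two points the thread turns on are first-match evaluation (why the position of the fw-to-server accept rule relative to the two stealth rules matters) and the difference a reject-style deny makes to what the sender observes. The following is an added example written for this page, not code from the thread or from Check Point: a toy first-match rule-base model with a shadowing check. Every address, the port and the action names are constructed assumptions; the "rule 0" implied rules of FW-1 are deliberately not modelled, and the firewall object is modelled as an explicit set of interface addresses so that the effect of the firewall's own packets leaving from an address the object does not cover can be seen.

```python
"""Toy first-match rule-base evaluator with a shadowing check.

Added example, not FireWall-1 code. Rules are evaluated top to bottom and
the first match decides; if nothing matches, the cleanup action applies.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple, Union

ANY = "any"
Field = Union[str, FrozenSet[str], int]   # "any", one address/port, or a set of addresses


@dataclass(frozen=True)
class Rule:
    name: str
    src: Field
    dst: Field
    service: Field
    action: str   # "accept", "drop" or "reject"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


def _as_set(field: Field) -> Optional[frozenset]:
    """Normalise a field to a set of values; None stands for 'any'."""
    if field == ANY:
        return None
    if isinstance(field, frozenset):
        return field
    return frozenset({field})


def _matches(field: Field, value) -> bool:
    s = _as_set(field)
    return s is None or value in s


def evaluate(rules: List[Rule], pkt: Packet, cleanup: str = "drop") -> Tuple[str, str]:
    """Return (rule name, action) of the first matching rule, else the cleanup rule."""
    for r in rules:
        if _matches(r.src, pkt.src) and _matches(r.dst, pkt.dst) and _matches(r.service, pkt.dport):
            return r.name, r.action
    return "cleanup", cleanup


def _covers(earlier: Field, later: Field) -> bool:
    """True if every value matched by `later` is also matched by `earlier`."""
    a, b = _as_set(earlier), _as_set(later)
    return a is None or (b is not None and b <= a)


def shadowed(rules: List[Rule]) -> List[str]:
    """Names of rules that can never match because an earlier rule covers all their traffic."""
    return [r.name for i, r in enumerate(rules)
            if any(_covers(e.src, r.src) and _covers(e.dst, r.dst) and _covers(e.service, r.service)
                   for e in rules[:i])]


def sender_sees(action: str) -> str:
    """What the initiating host observes: a reject answers, a drop stays silent."""
    return {"accept": "connection proceeds",
            "reject": "RST or ICMP unreachable: the firewall announces itself",
            "drop": "nothing: the attempt times out"}[action]


# Constructed addresses and port (assumptions for this example only).
FW = frozenset({"192.0.2.1", "10.0.0.1"})   # interface addresses covered by the fw object
SOME_IP, PORT = "10.0.0.50", 8080

# The posted order: accept rule above the two stealth rules; rule 2 as a reject
# to show the response Poole objects to, and a hardened copy with drop.
POSTED = [
    Rule("rule 1", FW, SOME_IP, PORT, "accept"),
    Rule("rule 2", ANY, FW, ANY, "reject"),
    Rule("rule 3", FW, ANY, ANY, "drop"),
]
HARDENED = [POSTED[0], Rule("rule 2", ANY, FW, ANY, "drop"), POSTED[2]]
MISORDERED = [POSTED[1], POSTED[2], POSTED[0]]   # accept rule placed below the stealth rules


if __name__ == "__main__":
    fw_to_server = Packet("10.0.0.1", SOME_IP, PORT)
    for label, rb in (("posted", POSTED), ("misordered", MISORDERED)):
        print(label, evaluate(rb, fw_to_server), "shadowed:", shadowed(rb))
    # A packet the firewall sends from an address the fw object does not cover
    # matches none of the fw rules and falls through to the cleanup rule.
    print("uncovered source", evaluate(POSTED, Packet("10.0.0.2", SOME_IP, PORT)))
    print("outsider probing fw:", sender_sees(evaluate(POSTED, Packet("203.0.113.5", "192.0.2.1", 22))[1]))
    print("after hardening:   ", sender_sees(evaluate(HARDENED, Packet("203.0.113.5", "192.0.2.1", 22))[1]))
```

The `shadowed` check is the one worth keeping: with the accept rule on top, nothing is shadowed and the fw-to-server packet hits rule 1; with the accept rule below the stealth rules it is fully covered by rule 3 and can never match. The uncovered-source case is the check to run when logs show a fw rule not matching traffic the firewall itself originates: confirm which interface address the packet actually leaves from and whether the fw object includes it.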
================================================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
================================================================================