RE: [FW1] Fw rule Q.
Ack.. I made a mistake in my earlier post. My first two rules are actually
defined as drop, not deny. I think the first two rules should be "any", as
internet traffic would be traversing through it. Anyway, one nice guy
(thanks, Daniel) sent me the solution to my problem: I should have used
"targets" instead of gateways. Problem solved :)

Rgrds,
Wong.

> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of [email protected]
> Sent: Wednesday, September 06, 2000 7:55 PM
> To: [email protected]
> Cc: [email protected]
> Subject: RE: [FW1] Fw rule Q.
>
> I consider your "stealth rule" somewhat limiting. The first rule sends a
> response to anyone trying to initiate a connection with "Here I am, I'm
> here, and I'm not letting you through!". The firewall should be as
> transparent as possible. Not good. Change that rule to drop.
>
> Your second rule is denying anything out of the firewall. Why not let the
> cleanup rule handle that?
>
> I would also recommend specifying internal hosts and networks, and not
> just identifying everyone as "ANY".
>
> I would recommend you visit Lance Spitzner's site on rule building:
>
> http://www.enteract.com/~lspitz/pubs.html
>
> Thomas Poole
>
> -----Original Message-----
> From: C.M. Wong [mailto:[email protected]]
> Sent: Tuesday, September 05, 2000 10:15 PM
> To: [email protected]
> Subject: [FW1] Fw rule Q.
>
> Hi all,
>
> My first two rules are the default:
>
>     source   dest   traffic   action
>     any      fw     any       deny
>     fw       any    any       deny
>
> I have a scenario whereby I need to connect from the fw to one of my
> internal servers. Hence I placed the rule right on top of the default 2
> rules, like so:
>
>     fw     <some_ip>   <specific port>   accept   # rule 1
>     any    fw          any               deny     # rule 2
>     fw     any         any               deny     # rule 3
>
> For some reason, when I do a telnet <some_ip> <specific_port>, I get no
> response. Checking the logs, rule 3 is blocking the traffic. But if I
> remove rule 3, everything works and, guess what, rule 0 is allowing the
> traffic through and not rule 1. Huh? I know rule 0 is some of the fw-1
> properties settings, but I removed the dangerous ones (like icmp, dns,
> etc.) on day one. Can any of you guys shed some light here on why this is
> occurring??
>
> For the record, fw-1 41 sp2 is being run. TIA.
>
> Rgrds,
> Wong.
>
> ============================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ============================================================================
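The rule-ordering behaviour the thread turns on (first-match evaluation, a rule skipped on a module it is not installed on, and the property-derived "rule 0"), as an added toy model that is neither code from the thread nor Check Point's implementation. Its install-on handling, the placement of the property rule after the explicit rules, and the server/port names are assumptions chosen only to reproduce the two log outcomes Wong describes and Thomas's drop-versus-reject point.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    service: str
    action: str                       # "accept", "drop" (silent) or "reject" (answers the sender)
    install_on: frozenset = frozenset({"fw"})   # enforcement points the rule is compiled for

def _hit(rule, src, dst, service):
    # "any" matches everything; otherwise the object name must match exactly
    return all(p == "any" or p == v for p, v in
               ((rule.src, src), (rule.dst, dst), (rule.service, service)))

def evaluate(rulebase, src, dst, service, module="fw", implied_after=()):
    """First match wins. Returns (matched rule label, action, whether the sender gets a reply)."""
    for idx, rule in enumerate(rulebase, 1):
        if module not in rule.install_on:   # assumption: a rule not installed here is skipped
            continue
        if _hit(rule, src, dst, service):
            return (f"rule {idx}", rule.action, rule.action == "reject")
    for rule in implied_after:              # assumption: property-derived rules, logged as rule 0
        if _hit(rule, src, dst, service):
            return ("rule 0", rule.action, rule.action == "reject")
    return ("cleanup", "drop", False)       # assumption: implicit final drop

# Constructed placeholders for the thread's <some_ip> and <specific port>.
SRV, PORT = "internal_srv", "tcp/constructed_port"
STEALTH = Rule("any", "fw", "any", "drop")               # the thread's rule 2
FW_OUT_DENY = Rule("fw", "any", "any", "drop")           # the thread's rule 3
FROM_GATEWAY = Rule("fw", "any", "any", "accept")        # stands in for the rule-0 property
WRONG = Rule("fw", SRV, PORT, "accept", install_on=frozenset({"other_gw"}))  # module not targeted
FIXED = Rule("fw", SRV, PORT, "accept", install_on=frozenset({"fw", "other_gw"}))

def scenario_wrong_install_on():
    # Rule 1 is skipped on the module, so the connection falls through to rule 3
    return evaluate([WRONG, STEALTH, FW_OUT_DENY], "fw", SRV, PORT, implied_after=[FROM_GATEWAY])

def scenario_rule3_removed():
    # Without rule 3 the property rule accepts it, which the log shows as rule 0
    return evaluate([WRONG, STEALTH], "fw", SRV, PORT, implied_after=[FROM_GATEWAY])

def scenario_fixed():
    # Rule 1 installed on the module itself matches first, as intended
    return evaluate([FIXED, STEALTH, FW_OUT_DENY], "fw", SRV, PORT, implied_after=[FROM_GATEWAY])

def stealth_probe(action):
    # Thomas's point: "reject" answers an outside prober, "drop" stays silent
    return evaluate([Rule("any", "fw", "any", action)], "outsider", "fw", "tcp/23")[2]
```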