[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] anti-spoofing on aliased interfaces
Just another problem related to virtual interfaces: I've blocked telnet to the firewall - but I can still connect to the telnetd using a virtual interface as destination! How can I block that? TIA, Dieter Gobbers On 29-Sep-00 Karim Ismail/Markham/Contr/AT&T/IJV wrote: > > > > Lance > > the virtual addresses do not show up in FW-1 interfaces screen > > FW-1 ignores virtual interfaces, so anti-spoofing is performed on the > physical interface. if you want to use virtual > interfaces with anti-spoofing, define 2 net objects (one for each subnet) > and create a group consisting of those objects. > then you can put the group in the physical interfaces anti-spoofing entry, > just as if there were another physical network > connected to the interface. > > > > Karim Ismail > Internet: [email protected] > > > Lance Spitzner <[email protected]> on 09/29/2000 02:33:53 PM > > Please respond to Lance Spitzner <[email protected]> > > To: [email protected] > cc: > Subject: [FW1] anti-spoofing on aliased interfaces > > > > > > I've aliased an interface (hme0:1) on FW ver 4.1, running on Solaris. > > Can one add an aliased interface to the interface objects > on a firewall? > > Can one setup anti-spoofing on an aliased interface? > > Last, does the aliased interface show up on the 'fw stat -li' > command? > > Thanks! > > -- > Lance Spitzner > http://www.enteract.com/~lspitz > > > > > ============================================================================== > == > > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================== > == > > > > > > ============================================================================== > == > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================== > == Dieter Gobbers UNIX Systems and Network Administrator -- im Auftrag des FAW Ulm (http://www.faw.uni-ulm.de) Ingenieurbuero Dieter Gobbers; Unix- und Netzwerkberatung und -betreuung Kreuzstr. 19, 89160 Dornstadt, Tel.: 07348/928538 email: [email protected], http://www.gobbers.de ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|