Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Rule with range of ports

To: [email protected]
Subject: [FW1] Rule with range of ports
From: [email protected]
Date: Tue, 17 Oct 2000 11:55:23 +0200
Sender: [email protected]

I need to add a rule like this:

Source   Destination   Range-of-ports   Accept

Where Range-of-ports can be from 1300-1500. One solution is to create one
tcp object for each port (which mean 200++ objects) and then add these to a
group and use the group in the rule. But it require a lot of work, and I
guess such a rule will require a lot of CPU, or?

Another way would be something like:

Source   Destination   Range-0   Drop
Source   Destination   Range-1   Drop
Source   Destination   Any       Accept

Where Range-0 are ports below 1300 (< 1300), Range-1 are ports above 1500 (>
1500). The two drop-rules can be merged to one rule. What about the security
of such a solution? 

Any other solutions?

---
Jørn Yngve Dahl-Stamnes
EDB Teamco, Trondheim
[email protected] 


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] WWW names appearing in FW-1 log
Next by Date: RE: [FW1] incorrect reply from server (seq or subject mismatch)
Previous by thread: [FW1] WWW names appearing in FW-1 log
Next by thread: RE: [FW1] Rule with range of ports
Index(es):
- Date
- Thread