[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Rule with range of ports
Hello --- [email protected] a écrit : > > I need to add a rule like this: > > Source Destination Range-of-ports Accept > > Where Range-of-ports can be from 1300-1500. One solution is to create > one You can create a service of type user-defined, where you state something like "tcp,dport>1300,dport<1500" I'm not sure about the above syntax, but take a look at the definition of the other user-defined services that exists by default, and you should find examples. > tcp object for each port (which mean 200++ objects) and then add > these to a > group and use the group in the rule. But it require a lot of work, > and I > guess such a rule will require a lot of CPU, or? > > Another way would be something like: > > Source Destination Range-0 Drop > Source Destination Range-1 Drop > Source Destination Any Accept > > Where Range-0 are ports below 1300 (< 1300), Range-1 are ports above > 1500 (> > 1500). The two drop-rules can be merged to one rule. What about the > security > of such a solution? > > Any other solutions? > > --- > Jørn Yngve Dahl-Stamnes > EDB Teamco, Trondheim > [email protected] > > > ================================================================================ > To unsubscribe from this mailing list, please see the > instructions at > http://www.checkpoint.com/services/mailing.html > ================================================================================ ___________________________________________________________ Do You Yahoo!? -- Pour dialoguer en direct avec vos amis, Yahoo! Messenger : http://fr.messenger.yahoo.com ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|