[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Adding rule for echo-request.
Anders, Yes it does, with the 1st rule you only allow the outgoing 'ping' packets ... but with no other rule, you'll never get a reply I think. You should add a 2d rule to allow the replies : Src Dest Service Internet Internal echo-reply + (?? time-exceeded & dest-unreach ??) That way only outgoing ICMP will be allowed, and incoming replies. Met vriendelijke groeten - Bien à vous - Kind regards Guy ROELANDTS Compaq Software Engineer - Belgium E-mail : [email protected] Tel: +32(02)729.77.44 (options 3 - 3 - 1) Fax: +32(02)729.77.65 -----Original Message----- From: Reed Mohn, Anders [mailto:[email protected]] Sent: Wednesday, November 29, 2000 8:13 PM To: Fw-1-Mailinglist (E-mail) Subject: [FW1] Adding rule for echo-request. Just curious: Is there any difference in specifically adding a rule for outbound echo-request, and just letting the packets out through a more general rule? E.g: Src Dest Service Internal internet echo-request vs. Src Dest Service Internal internet Any Does this affect the way the the FW treats these packets? Cheers, Anders RM :) ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|