[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Adding rule for echo-request.
Thanks, all of you who answered, though I think I didn't really make my qestion clear. What I wondered was if the two different ways of allow outgoing echo-requests (forget the replies) would cause FW-1 to treat the packets any differently. Anyway, I thought about it, and I'm pretty sure now that my question was pointless to begin with. (The answer is, of course: No.) Again, thanks to all of you. Cheers, Anders :) -----Original Message----- From: Roelandts, Guy [mailto:[email protected]] Sent: 30. november 2000 09:32 To: 'Reed Mohn, Anders'; Fw-1-Mailinglist (E-mail) Subject: RE: [FW1] Adding rule for echo-request. Anders, Yes it does, with the 1st rule you only allow the outgoing 'ping' packets ... but with no other rule, you'll never get a reply I think. You should add a 2d rule to allow the replies : Src Dest Service Internet Internal echo-reply + (?? time-exceeded & dest-unreach ??) That way only outgoing ICMP will be allowed, and incoming replies. Met vriendelijke groeten - Bien à vous - Kind regards Guy ROELANDTS Compaq Software Engineer - Belgium E-mail : [email protected] Tel: +32(02)729.77.44 (options 3 - 3 - 1) Fax: +32(02)729.77.65 -----Original Message----- From: Reed Mohn, Anders [mailto:[email protected]] Sent: Wednesday, November 29, 2000 8:13 PM To: Fw-1-Mailinglist (E-mail) Subject: [FW1] Adding rule for echo-request. Just curious: Is there any difference in specifically adding a rule for outbound echo-request, and just letting the packets out through a more general rule? E.g: Src Dest Service Internal internet echo-request vs. Src Dest Service Internal internet Any Does this affect the way the the FW treats these packets? Cheers, Anders RM :) ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|