NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Adding rule for echo-request.




Thanks,
all of you who answered, though I
think I didn't really make my qestion clear.

What I wondered was if the two different ways
of allow outgoing echo-requests (forget the replies)
would cause FW-1 to treat the packets any differently.

Anyway, I thought about it, and I'm pretty sure now
that my question was pointless to begin with.
(The answer is, of course: No.)

Again, thanks to all of you.
Cheers,
Anders :)



-----Original Message-----
From: Roelandts, Guy [mailto:[email protected]]
Sent: 30. november 2000 09:32
To: 'Reed Mohn, Anders'; Fw-1-Mailinglist (E-mail)
Subject: RE: [FW1] Adding rule for echo-request.



Anders,

   Yes it does, with the 1st rule you only allow the outgoing
 'ping' packets ... but with no other rule, you'll never get a
 reply I think. You should add a 2d rule to allow the replies :

Src		Dest		Service
Internet	Internal	echo-reply + (?? time-exceeded &
dest-unreach ??)

  That way only outgoing ICMP will be allowed, and incoming replies.

Met vriendelijke groeten - Bien à vous - Kind regards

Guy ROELANDTS
Compaq Software Engineer - Belgium
E-mail : [email protected]
Tel: +32(02)729.77.44 (options  3 - 3 - 1)
Fax: +32(02)729.77.65

-----Original Message-----
From: Reed Mohn, Anders [mailto:[email protected]]
Sent: Wednesday, November 29, 2000 8:13 PM
To: Fw-1-Mailinglist (E-mail)
Subject: [FW1] Adding rule for echo-request.

Just curious:
Is there any difference in specifically adding a rule for
outbound echo-request, and just letting the packets out
through a more general rule?

E.g:

Src	Dest	Service
Internal	internet	echo-request
vs.

Src	Dest	Service
Internal internet Any

Does this affect the way the the FW treats these packets?

Cheers,
Anders RM :)


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.