[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Rule 0
What is Rule 0? Q: What is rule 0 and where can it be found? I looked under the /etc/fw/database and /etc/fw/lib directories. Nothing jumps out at me. A: Rule 0 is typically stuff not explicitly listed in the rulebase. This includes: Anti-Spoofing: This is set on the interface tab of your firewall object. If spoof track is set to "log" or "alert", a rule 0 entry will show in your log. A "drop" on Rule 0 typically means that incoming packet violated your anti-spoofing policy for that interface. A "reject" on Rule 0 typically means that an outgoing packet (one that has been accepted by your security policy and routed by the OS) is violating your anti-spoof rules because the packet is being routed out the wrong interface. Authentication Failures: This is set in the Authentication tab of the rulebase properties. If this is set to "log" or "alert", any failed authentication attempts will show as a rule 0 log. SYNDefender warnings may get logged as rule 0. The "Display Warning Messages" checkbox in the SYNDefender tab of the rulebase properties is where this can be disabled. SecuRemote authentications (the successful ones) can also appear as a rule 0 accept. This is controlled by the "Enable Decryption on Accept" checkbox in the Security Policy tab of the Rulebase Properties. Anything dropped by FireWall-1's IP Options checking will log as rule 0. The logging is controlled by the "IP Options Drop Track" section of the Log and Alert tab of the Rulebase Properties. ---------------------------------------------------------------------------- ---- Last Modified: Thursday, 23-Dec-1999 15:56:47 PST (C)2000 Dameon D. Welch-Abernathy, All Rights Reserved. [ Go Back ] Your corrections, suggestions, and submissions are welcome. Email to [email protected]. ----- Original Message ----- From: "Estela Ruiz" <[email protected]> To: <[email protected]> Sent: Monday, December 18, 2000 10:40 AM Subject: [FW1] Rule 0 > > Hi, > > I haven't got implemented the Anti-Spoofing in my Firewall-1 v4.1, and I > can > see dropped packets by rule 0. > How is it possible? > > Thanks in advance, > Estela. > ________________________________________________________________________ > _ > Get Your Private, Free E-mail from MSN Hotmail at > http://www.hotmail.com. > > > > ======================================================================== > ======== > To unsubscribe from this mailing list, please see the instructions > at > http://www.checkpoint.com/services/mailing.html > ======================================================================== > ======== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|