Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Re: ICMP Stateful or NOT?

To: [email protected]
Subject: [FW1] Re: ICMP Stateful or NOT?
From: "Turin Turambar" <[email protected]>
Date: Thu, 11 Jan 2001 09:28:08 -0800
Sender: [email protected]

I have tried the supposed trick of setting Allow ICMP to 'Last', then 
putting in rules to allow outbound echo requests only.

This has never worked properly for me on 4.0.   The only way I could 
get echo to work is to expressly allow echo replies inbound, which 
means that there is no useful 'stateful inspection' of ICMP that I 
can tell.

I considered using Bill's stateful INSPECT code, but in the end 
decided that allowing echo replies inbound is not much of a risk -- 
at least if you have non-routable IP addresses.


turambar386
 
Get your FREE Bette Davis e-mail at http://surf.to/bette
____________________________________________________________
Get your own FREE Web and POP E-mail Service in 14 languages at http://www.zzn.com.


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] "Log Server went down" error in log file
Next by Date: Re: RE: [FW1] ICMP Stateful or NOT ?
Previous by thread: [FW1] "Log Server went down" error in log file
Next by thread: [FW1] Nokia IPSO/configure networking/resources
Index(es):
- Date
- Thread