RE: [FW1] Any--> What DOES it include?
...Yes, that was what I was trying to suggest, that all TCP/UDP ports are passed with an any-any-any-accept rule. I apologize for not being more explicit and specifying all of the policy properties pseudo-rules and other protocols. (I have copied the original post at the bottom of this email. I think the level of detail in my answer was relevant to the level of detail in the question.)

All of the responses since that post have revolved around the number and numbers of the available IP protocols.

Let's get to the heart of the matter: can someone tell us *precisely* what an any-any-any-accept rule does mean? i.e. what does it pass and what would it block? Assume and specify a default policy properties or specifically list all policy properties options.

Bonus question: of the hundred-odd IP protocol types in use on the internet today, how many does CheckPoint FireWall-1 handle, and how well?

--gill

On Fri, 9 Feb 2001 [email protected] wrote:

> Yes Frank, that is exactly what he was trying to suggest. But that is not
> correct. any any any accept still does impose traffic restrictions.
>
> And as far as I am aware ICMP, UDP and TCP are the only IP protocols that
> exist.
>
> > > The email that I replied to said that any any any accept was
> > > = a router.
> > >
> > > This is FAR from the truth. (Although I wish it was the truth)
> >
> > I don't have that email anymore, but I think the poster was trying to
> > say that Any-Any-Any does not impose any access control restrictions
> > based on source and destination address, and service/protocol. So in
> > essence, yeah would behave like a router if routing is allowed on the
> > box and no address translation rules are in effect.
> >

The heart of the original post in this thread said:

-----
On the rule base I have objects
Internal : 10.0.0.0 network
Gateway : Firewall
Now if I say any to any, does this any includes only Internal & Gateway objects or Does this includes other than network 10.0.0.0 (external world).
Meaning : Any=10.0.0.0 + Firewall objects only or Any=10.0.0.0+Firewall Objects+0.0.0.0 (External IP's
-----

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
gill | Tatu Ylonen, SSH 1.2.12 README: "Beware that the most effective
     | way for someone to decrypt your data may be with a rubber hose."