Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Any--> What DOES it include?

To: [email protected]
Subject: RE: [FW1] Any--> What DOES it include?
From: Gill <[email protected]>
Date: Mon, 12 Feb 2001 19:09:59 -0500 (EST)
In-reply-to: <[email protected]>
Sender: [email protected]

...Yes, that was what I was trying to suggest, that all TCP/UDP ports are
passed with an any-any-any-accept rule.  I apologize for not being more
explicit and specifying all of the policy properties pesudo-rules and
other protocols.  (I have copied the original post at the bottom of this
email.  I think the level of detail in my answer was relevant to the level
of detail in the question.)

All of the responses since that post have revolved around the number and
numbers of the available IP protocols.

Let's get to the heart of the matter: can someone tell us *precisely* what
an any-any-any-accept rule does mean?  i.e. what does it pass and what
would it block?  Assume and specify a default policy properties or
specifically list all policy properties options.

Bonus question:  of the hundred-odd IP protocol types in use on the
internet today, how many does CheckPoint FireWall-1 handle, and how well?

--gill

On Fri, 9 Feb 2001 [email protected] wrote:

> Yes Frank, that is exactly what he was trying to suggest.  But that is not
> correct.  any any any accept still does impose traffic restrictions.
> 
> And as far as I am aware ICMP, UDP and TCP are the only IP protocols that
> exist.

> > > 
> > > The email that I replied to said that any any any accept was 
> > > = a router.
> > > 
> > > This is FAR from the truth.  (Although I wish it was the truth)
> > 

> > I don't have that email anymore, but I think the poster was trying to
> > say that Any-Any-Any does not impose any access control  restrictions
> > based on source and destination address, and service/protocol. So in
> > essence, yeah would behave like a router if routing is allowed on the
> > box and no address translation rules are in effect.
> > 

The heart of the original post in this thread said:
-----
On the rule base I have objects
Internal : 10.0.0.0 network
Gateway : Firewall

Now if I say any to any, does this any includes only Internal & Gateway
objects or Does this includes other than network 10.0.0.0 (external
world).

Meaning : Any=10.0.0.0 + Firewall objects only
or
Any=10.0.0.0+Firewall Ojbects+0.0.0.0 (External IP's
-----

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
--gill  | Tatu Ylonen, SSH 1.2.12 README:  "Beware that the most effective
        | way for someone to decrypt your data may be with a rubber hose."

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- RE: [FW1] Any-->does this include....
  - From: [email protected]

Prev by Date: RE: [FW1] setting up "one-way" NTdomain trust
Next by Date: Re: [FW1] FW-1 smalloffice appliances
Previous by thread: RE: [FW1] Any-->does this include....
Next by thread: RE: [FW1] Any-->does this include....
Index(es):
- Date
- Thread