Re: [FW-1] Question about open connections when closing firewall

It depends on whether or not you clear the state table when you push a new rule. There is a setting in $FWDIR/lib/table.def where you can not have the state table flushed upon rule reload. Below is what it would look like if you did not want to flush the state table, but other than that any rule push will clear all connections and if a current connection does not meet the new rules then yes it would be dropped.

    old_connections = dynamic sync expires TCP_TIMEOUT keep kbuf 2;
    proxied_conns = dynamic keep;
    ftp_restrictions = dynamic;
    connections = dynamic refresh keep sync expires TCP_START_TIMEOUT expcall KFUNC_CONN_EXPIRE kbuf 1

The "keep" was added to the connections line.....

-----Original Message-----
From: Johan Sunnerstig [mailto:]
Sent: Monday, October 08, 2001 9:24 AM
To: [email protected]
Subject: [FW-1] Question about open connections when closing firewall

Hi.

I'm wondering, how does FW-1 handle open connections to a box, when you close any inbound traffic to that box, are any open connections immediately cut off, or are they allowed to finish their traffic?

Example, say we have a box 1.2.3.4, listening for traffic on port 1, and connections remain open for an average of 60 seconds.

1) connection #1 is opened
2) firewall gets closed on port 1 to 1.2.3.4
3) any new inbound connections are obviously refused
4) the answer for connection #1 comes back

In this case, what would happen to #1?

Regards
Johan

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
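
Added example, not part of the thread and not Check Point code: a small audit that reads table.def-style definitions and reports which state tables carry "keep", i.e. which ones are not flushed on a rule reload according to the reply above. The statement grammar is inferred only from the four lines quoted in the reply; the comment handling and all function names are assumptions.

```python
import re

# The four definitions quoted in the reply (the state after "keep" was added).
PAGE_TABLE_DEF = """
old_connections = dynamic sync expires TCP_TIMEOUT keep kbuf 2;
proxied_conns = dynamic keep;
ftp_restrictions = dynamic;
connections = dynamic refresh keep sync expires TCP_START_TIMEOUT expcall KFUNC_CONN_EXPIRE kbuf 1
"""

# Constructed "before" state: the same text with "keep" taken off the connections line.
CONSTRUCTED_BEFORE = PAGE_TABLE_DEF.replace("dynamic refresh keep sync",
                                            "dynamic refresh sync")

# Assumed grammar: <name> = dynamic <attribute tokens...>, statements separated by ';'.
STATEMENT = re.compile(r"(\w+)\s*=\s*dynamic\b(.*)", re.S)

def parse_tables(text):
    """Return {table_name: [attribute tokens]} for each 'name = dynamic ...' statement."""
    # Assumption: C-style comments may appear in the file; drop them before parsing.
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    text = re.sub(r"//[^\n]*", " ", text)
    tables = {}
    for stmt in text.split(";"):
        m = STATEMENT.search(stmt)
        if m:
            tables[m.group(1)] = m.group(2).split()
    return tables

def survives_policy_push(text):
    """Map each table to True when its definition carries the 'keep' attribute."""
    return {name: "keep" in attrs for name, attrs in parse_tables(text).items()}

def audit(text, table="connections"):
    """One-line finding for the table that holds live connection state."""
    kept = survives_policy_push(text)
    if table not in kept:
        return f"{table}: not defined"
    if kept[table]:
        return f"{table}: keep set, state is not flushed on rule reload"
    return f"{table}: no keep, state is flushed on rule reload"

if __name__ == "__main__":
    for label, text in (("page", PAGE_TABLE_DEF), ("constructed before", CONSTRUCTED_BEFORE)):
        print(f"[{label}] {audit(text)}")
```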