Re: [FW-1] drop, icmp, rule 0 from broadcast? HELP!
Rule 0 logging is controlled in Policy -> Properties. You can:

A. disable logging of rule 0
B. disable implicit ICMP allow or
C. disable implicit ICMP allow and control it via manual rules in your policy.

Chipper

On Fri, 28 Dec 2001, Reed Mohn, Anders wrote:

>Uhh. Aren't "Service", and "Dest. port" meaningless for ICMP?
>
>Anyway, setting up a rule to drop these packets
>is not going to solve the problem, just hide it.
>
>I'd get out a packet sniffer, and try to trace down
>the source ASAP.
>
>The "allow broadcasts"-setting only specifies whether
>the broadcast address is regarded as a valid
>IP-address for that particular network.
>In other words, if it's on (allowed), any packets to/from it
>will be allowed, and must be stopped by other rules.
>If it's off, they will be stopped (by anti-spoofing checks, I guess).
>In any case, you're gonna see the packets in the logs.
>
>Cheers,
>Anders :)
>
>
>> -----Original Message-----
>> From: Yanek Korff [mailto:[email protected]]
>> Sent: 21. desember 2001 19:44
>> To: [email protected]
>> Subject: [FW-1] drop, icmp, rule 0 from broadcast? HELP!
>>
>>
>> I have a FW in place, not yet in production, and it's
>> CONSTANTLY logging
>> these drops:
>>
>> Interface: internal interface
>> Type: log
>> Action: drop
>> Service: hiport (>1024)
>> Source: 10.1.255.255
>> Destination: Various internal 10.1.x.x hosts
>> Proto: icmp
>> Rule: 0
>> S_Port: 771
>>
>> And I can't get them to stop logging. What are these, and
>> how do I get rid
>> of them? They're really filling up my FW logs.
>>
>> I've tried setting the network object "LAN" (10.1.0.0/255.255.0.0) to
>> disallow broadcast... and allow broadcast... both to no avail.
>>
>> -Yanek.
>>
>> =================================================
>> To set vacation, Out Of Office, or away messages,
>> send an email to [email protected]
>> in the BODY of the email add:
>> set fw-1-mailinglist nomail
>> =================================================
>> To unsubscribe from this mailing list,
>> please see the instructions at
>> http://www.checkpoint.com/services/mailing.html
>> =================================================
>> If you have any questions on how to change your
>> subscription options, email
>> [email protected]
>> =================================================
>>
>

------
Please encrypt anything important.
PGP Key: http://wwwkeys.pgp.net:11371/pks/lookup?op=get&search=0x6CFA486D

"They that can give up essential liberty to obtain a little temporary safety
deserve neither liberty nor safety" - Benjamin Franklin
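
Added example, not part of the thread or of any Check Point tooling: a log triage sketch for the symptom discussed above, flagging rule 0 ICMP drops whose source is the broadcast (or network) address of the "LAN" object and counting them per destination, which shows where to attach the sniffer. The record layout and all sample records are constructed assumptions, not FireWall-1's log export format.

```python
import ipaddress
from collections import Counter

# LAN object as given in the original post: 10.1.0.0 / 255.255.0.0.
LAN = ipaddress.ip_network("10.1.0.0/255.255.0.0")

# Constructed sample records. Field names follow the log entry quoted in the
# post; the dict layout is an assumption, not FireWall-1's export format.
SAMPLE_LOG = [
    {"action": "drop", "proto": "icmp", "rule": 0, "src": "10.1.255.255", "dst": "10.1.4.20"},
    {"action": "drop", "proto": "icmp", "rule": 0, "src": "10.1.255.255", "dst": "10.1.4.20"},
    {"action": "drop", "proto": "icmp", "rule": 0, "src": "10.1.255.255", "dst": "10.1.9.7"},
    {"action": "drop", "proto": "icmp", "rule": 0, "src": "10.1.3.15", "dst": "10.1.9.7"},
    {"action": "accept", "proto": "tcp", "rule": 4, "src": "10.1.3.15", "dst": "192.0.2.10"},
    {"action": "drop", "proto": "icmp", "rule": 0, "src": "10.1.0.0", "dst": "10.1.4.20"},
]


def source_kind(src, networks):
    """Classify a source address as 'broadcast', 'network' or 'host'."""
    addr = ipaddress.ip_address(src)
    for net in networks:
        if addr == net.broadcast_address:
            return "broadcast"
        if addr == net.network_address:
            return "network"
    return "host"


def triage(records, networks):
    """Count rule 0 ICMP drops whose source is not a usable host address.

    Keys are (kind, source, destination) so the busiest destinations stand out.
    """
    hits = Counter()
    for rec in records:
        if (rec["action"], rec["proto"], rec["rule"]) != ("drop", "icmp", 0):
            continue
        kind = source_kind(rec["src"], networks)
        if kind != "host":
            hits[(kind, rec["src"], rec["dst"])] += 1
    return hits


if __name__ == "__main__":
    for (kind, src, dst), n in triage(SAMPLE_LOG, [LAN]).most_common():
        print(f"{n:4d}  {kind:9s} source {src} -> {dst}")
```
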