Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Eliminating Implied Rules - reference material

To: [email protected]
Subject: Re: [FW-1] Eliminating Implied Rules - reference material
From: Amin Tora <[email protected]>
Date: Fri, 1 Mar 2002 00:38:28 -0500
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Basic rulebase for 4.x after turning off implied rules:


No. SRC     DST   SERVICE     ACTION
--------------------------------------
1.  MGMT        FW      FW1             ACCEPT  {allow MGMT to push policies
and cmds to FW}
--------------------------------------
2.  FW  MGMT    FW1
                        FW_LOG  ACCEPT  {allow FW to fetch policies and push
logs/alerts/status to MGMT}
--------------------------------------
3.  ANY FW      ANY             DROP            {stealth rule}
--------------------------------------
4.  GUI MGMT    FW1_MGMT        ACCEPT  {need this rule if GUI has to go
through a FW to get to MGMT}
--------------------------------------
x.  {OTHER RULES...}
--------------------------------------
x.  ANY ANY     ANY             DROP            {clean up rule}
--------------------------------------


-Amin


> -----Original Message-----
> From: Russell Washington [mailto:[email protected]]
> Sent: Friday, February 22, 2002 11:30 AM
> To: [email protected]
> Subject: [FW-1] Eliminating Implied Rules - reference material
>
>
> Can someone recommend a resource covering strategies for
> replacing implied
> rules with explicit ones on FW1 4.x?  Does Phoneboy's book cover this?
>
> Thx!
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] AW: [FW-1] NAT and anti-spoofing
Next by Date: Re: [FW-1] audiogalaxy
Previous by thread: Re: [FW-1] AW: [FW-1] NAT and anti-spoofing
Next by thread: Re: [FW-1] audiogalaxy
Index(es):
- Date
- Thread