| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FW-1] Disabling Flows on Nokia-330 Permanently
Here are the instructions for disabling flows permanently.
Please take reasonable precautions -back up your files first and read the
instructions fully- before proceeding and make sure you are editing the
correct part of the file(s)
FireWall-1 must be re-started for this change to take effect. Once you have
done that, you can not use the ipsofwd command to re-enable flows
hion 4188
How do I disable firewall flows in IPSO 3.3 and later?
Check Point FireWall-1, Miscellaneous for version: 4.1 SP2 And Later
Firewall Flows is designed to increase performance of FireWall-1 on the
Nokia Platform. However, there may be reasons why you would want to disable
it. SOLUTION
To temporarily disable it, one can issue the command:
ipsofwd slowpath
This also clears the flows tables. To re-enable it, use the command:
ipsofwd flowpath
However, it may also be desirable to disable it permanently. This must be
done by modifying $FWDIR/etc/rc/rc.fwload. Replace the "bolded" flowpath in
the following section with slowpath:
ipsctl -n net:ip:forward:available_modes | grep -q -s flowpath
if ($status == 0) then
ipsctl -w net:ip:forward:switch_mode flowpath
else
echo "FireWall-1: You are attempting to start the FW on an incompatible OS -
exiting" >>& $LOGDIR/fw.log
exit 1
endif
You also need to modify $FWDIR/bin/fwstart. Replace the "bolded" flowpath in
the following section with slowpath:
if ($ipso) then
# enable flows, if available. Don't need check because
it is
already checked!
ipsofwd flowpath
(cd $FW_BOOT_DIR/modules ; modload -v -A $KERNEL_IS -e
fw1_i
nit -p fw.mkdev -o fwmod fwmod.o)
if ($status) then
echo "FW-1: modload failed"
exit 1
endif
fw putlic -k
Steve Morris
Express Newspapers
Systems Technical Support Engineer
DDI 020 7922 7538
Mob 07831 314610
Fax 020 7922 7931
****************************************************************************
Any views or opinions are solely those of the author
and do not necessarily represent those of Express Newspapers
****************************************************************************
The information transmitted is intended only for the person
or entity to which it is addressed and may contain confidential
and/or privileged material.If you are not the intended recipient
of this message please do not read ,copy, use or disclose this
communication and notify the sender immediately. It should be
noted that any review, retransmission, dissemination or other
use of, or taking action in reliance upon, this information by
persons or entities other than the intended recipient is prohibited.
E-mail communications may be monitored.
****************************************************************************
##EXN2000##
=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
|
|
