Re: [FW-1] Silent Drop Rule

[Haim Chibotero <Haimc@FW1-NOSPAMMAXBILL.COM>]

but if u drop netbios and u have vpn between gateways than what ???

	-----Original Message----- 
	From: Don [mailto:don@BLACKSUN.ORG] 
	Sent: Thu 4/11/2002 4:01 PM 
	To: FW-1-MAILINGLIST@beethoven.us.checkpoint.com 
	Cc: 
	Subject: Re: [FW-1] Silent Drop Rule
	
	

	> Sorry, the first answer was not the corrcet one.
	>
	> You should use a silent drop rule for services that you are sure you do not
	> want to allow, and you do not want them to appear in log (making the log
	> file grow).
	>
	> There is no defined dervice to include in silent drop rule, that's your
	> decision.
	Then this would not be much of a useful question now would it?
	
	Secondly, the only service in that list that I would definitely want
	to drop on is netbios as it a) probably should not be traversing the
	firewall in the first place, and b) I would not want the firewall sending
	explicit reject would for every netbios packet that happens to be
	generated. As a result, netbios is still the correct answer.
	
	-Don
	
	=================================================
	To set vacation, Out Of Office, or away messages,
	send an email to LISTSERV@lists.us.checkpoint.com
	in the BODY of the email add:
	set fw-1-mailinglist nomail
	=================================================
	To unsubscribe from this mailing list,
	please see the instructions at
	http://www.checkpoint.com/services/mailing.html
	=================================================
	If you have any questions on how to change your
	subscription options, email
	fw-1-owner@ts.checkpoint.com
	=================================================
	

è±ëoiÆŠ‰ÎÓ9÷âqê+k²™ë,j¬±éÝjw¦j)m ²M!VX¬¶Ërœ’š"ž×(š)í…àN
Š¶ž™¨¥i×lz×ðÖf¢–)à–+-ž‰šŠTèº{.nÇ+‰·Ÿ®‰­†+&j)bž	b²Úey«±çèÚîr؞ƆÛiÿü0ÁÈ^rJhŠ{\¢oìz»âqë?™¨¥Šx!¶iH*.…«Þj|ª¹ë-Š‰ì¢xhÂÚ…©à{*.®Ë±Êâ¦ØžŠmŠ‰ìzf¢•ü5£	ÞÛ…ç$¦ˆ§µÊ&