[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] "Accept ICMP"
Hi all FW-1 v4.1 Under the policy editor menu: Policy -> Properties There is an option for "Accept ICMP". If I leave it enabled (First or Before Last), then anyone can still ping the firewall. If I set the option to Last, then the last `drop everything` rule will stop this (which means it is a bit pointless having a `Last` option). If I totally disable "Accept ICMP", what rules would I need to add to the FW to allow ICMP for things like destination unreachable, time exceeded messages and echo reply to work? Are there any other ICMP messages I should allow inbound to the firewall? Ad will FW-1 forward on these ICMP messages tro the correct internal host if I disable "Accept ICMP" but add the correct rule for the allowed ICMP messages? Any help would be greatly appreciated. -- Steve ------------------------------------------------- Steve Loughran, Network Infrastructure Manager Sony Computer Entertainment Europe (Cambridge) Home Page -> http://sl.scee.sony.co.uk/ Yamaha YZF1000R Thunderace ICQ#: 12666311 (Work), 104426046 (Laptop) Team Waste - Where do you want to go wrong today? ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|