
Re: [FW-1] Question on creating a rule



  If I understand your question correctly, this is what the "stateful"
in "stateful inspection" takes care of.  (I believe it's actually a
bit more thorough than just "established", checking for instance that
sequence numbers make sense and so on, to limit session hijacking and
man-in-the-middle attacks.)

  When the firewall sees the exchange which sets up a session between
client and server (assuming it has a rule which allows client to contact
server for this service), it adds a temporary entry to a table of
current sessions.  It will recognize (and permit) the subsequent traffic
that makes up the session -- and drop it when the session ends.
  [In contrast, the router "established" criterion may look only at
whether the current packet has the SYN flag unset, and so may be
sidestepped by deliberately crafted packets.]

David Gillett


-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]] On Behalf Of Dalila Despinos
Sent: Monday, August 05, 2002 10:35 AM
To: [email protected]
Subject: [FW-1] Question on creating a rule


Hello, I'm sort of new to CP.
I know how to create a rule that will allow any IP to a web app I'm running
on an internal box, but I don't know how to create it specific to 'only for
established connections'.
Any help would be appreciated.
Dalila Despinos
Software Support Team, Inc.
3900 Woodlake Boulevard, Suite #200
Lake Worth, FL  33411
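
An added illustration, not part of either message above: a toy Python comparison of the router-style "established" test as the reply describes it (SYN flag unset) with a session table like the one it outlines. The addresses, ports, single allow rule and packet trace are constructed assumptions, and the model leaves out sequence numbers, FIN teardown and timeouts.

```python
from collections import namedtuple

# Constructed sample data: addresses, ports and the rule are assumptions.
Pkt = namedtuple("Pkt", "src sport dst dport flags")
WEB = ("10.0.0.5", 80)            # hypothetical internal web server
CLIENT = ("198.51.100.7", 40000)  # client that really opens a session
OTHER = ("203.0.113.9", 41000)    # host that never sent a SYN

def stateless_established(pkt):
    """Router-style criterion from the reply: pass if SYN is unset."""
    return "S" not in pkt.flags

class StatefulFilter:
    """Toy table of current sessions, keyed by the two endpoints."""
    def __init__(self, allowed_dst):
        self.allowed_dst = allowed_dst
        self.sessions = set()

    def permit(self, pkt):
        src, dst = (pkt.src, pkt.sport), (pkt.dst, pkt.dport)
        key = frozenset((src, dst))
        if pkt.flags == "S":                # session setup attempt
            if dst == self.allowed_dst:     # rule: any -> web server
                self.sessions.add(key)      # temporary table entry
                return True
            return False
        if key not in self.sessions:        # no setup was seen: drop
            return False
        if "R" in pkt.flags:                # session ended: forget it
            self.sessions.discard(key)
        return True

def compare(packets):
    """Return (stateless verdict, stateful verdict) for each packet."""
    fw = StatefulFilter(WEB)
    return [(stateless_established(p), fw.permit(p)) for p in packets]

TRACE = [
    Pkt(*CLIENT, *WEB, "S"),   # client opens the session
    Pkt(*WEB, *CLIENT, "SA"),  # server reply
    Pkt(*CLIENT, *WEB, "A"),   # handshake complete
    Pkt(*OTHER, *WEB, "A"),    # ACK that belongs to no session
    Pkt(*CLIENT, *WEB, "R"),   # client resets the session
    Pkt(*CLIENT, *WEB, "A"),   # late packet after the session ended
]

if __name__ == "__main__":
    for p, (flag_only, tracked) in zip(TRACE, compare(TRACE)):
        print(p.src, p.flags, "flag-only:", flag_only, "stateful:", tracked)
```

The fourth and sixth packets are the ones where the two verdicts differ: the flag-only test passes them, the session table does not.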




 
   All contents © 2004 Network Presence, LLC. All rights reserved.