note that it is god practice to deny incoming packets with private class
addresses:
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
127.0.0.0/8
and it is also a good idea not to send packets destined to these networks to
the internet. so deny outgoing packets that have these destinations.
cheers,
mouss
At 23:56 07/11/00 +0100, Joseba Otero wrote:
>I have four interfaces in my Checkpoint, two for internet and the other two
>for intranet.
>INTERNET:*.*.*.*
>INTRANET:10.*.*.*
>I need only that the firewall drops any intranet source packets (10.*.*.*)
>in the internet interfaces.
>Also, I can't do this with simple rule because the rule applies in all the
>interfaces.
>When I configure the spoofing in the interface property I can select the
>networks that I accept, but I want to put the networks that I deny.
>
>There is another way to do this (deny packets with source IP 10.*.*.* in the
>Internet interfaces)
>
>Thanks
>joseba
>
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
