really interesting

cheers

Paolo Riviello
Mob. +39.328.1749468
Home: http://www.paoloriviello.com
Msn: [EMAIL PROTECTED]
Skype: pao_rivi
--
I'm a rebel, soul rebel
I'm a capturer, soul adventurer
See the morning sun, on the hillside
If not living good, travel wide. B.M.

> Date: Fri, 16 Nov 2007 11:02:42 +0000
> From: [EMAIL PROTECTED]
> Subject: Re: [FW-1] default policy
> To: [email protected]
>
> Et al ...
>
> 'Ere's some additional info, please "/dev/null" if already known/discussed ...
>
> cpstop -fwflag -default : shutdown processes and load default filter
> cpstop -fwflag -proc : shutdown processes and keep former kernel policy
> and maintains the connection table so that after cpstart you will not
> experience any "out of state" related packets dropped.
>
> To check the current IP forwarding setting use the command:
> $FWDIR/boot/fwboot bootconf get_ipf
>
> To check the current Default filter setting use the command:
> $FWDIR/boot/fwboot bootconf get_def
>
> To remove or install both initial policy and default filter at once, from one command line:
> control_bootsec -r (remove)
> control_bootsec -g (generate)
>
> Note: on UNIX platforms the boot settings are in the $FW_BOOT_DIR/boot.conf file.
> On Win32 platforms it is in the registry at:
> "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FW1\Parameters"
>
> This allows the FireWall-1 administrator to take down the FW processes
> (i.e. fwstop) for maintenance without exposing the FireWall machine to attacks:
> 'fwstop -default' - Stops the FireWall processes and loads the Default Filter
> 'fwstop -proc' - Stops the FireWall processes but keeps the current kernel policy
>
> Step by step Default Filter creation instructions:
> 1. Use an existing defaultfilter file as a source template: you can find
>    the templates in $FWDIR/lib/defaultfilter.*; there should be 3 defaultfilter
>    files with these file extensions: boot, dag, drop
> 2. Copy defaultfilter.boot to defaultfilter.customized and edit your
>    customized copy according to the example below.
> 3. Back up your original $FWDIR/conf/defaultfilter.pf
> 4. Copy your customized file defaultfilter.customized to
>    $FWDIR/conf/defaultfilter.pf, for example:
>    "copy $FWDIR/lib/defaultfilter.customized $FWDIR/conf/defaultfilter.pf"
> 5. Compile your new customized policy by running the command: fw defaultgen
> 6. Afterwards, copy the newly compiled $FWDIR/state/default.bin to
>    $FWDIR/boot/default.bin on UNIX, or to c:\winnt\system32\...\default.bin
>
> Cheers
>
> Andrew
>
> CSC Computer Sciences Limited
> Registered Office: Royal Pavilion, Wellesley Road, Aldershot, Hampshire, GU11 1PZ, UK
> Registered in England No: 0963578
>
>
> Lari Luoma <[EMAIL PROTECTED]>
> Sent by: Mailing list for discussion of Firewall-1 <[email protected]>
> 15/11/2007 20:21
> Please respond to Mailing list for discussion of Firewall-1 <[email protected]>
>
> To: [email protected]
> cc:
> Subject: Re: [FW-1] default policy
>
> FW control connections are allowed in the initial policy, aren't they?
>
> -lari-
>
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1 on behalf of cisco4ng
> Sent: Thu 11/15/2007 5:15 PM
> To: [email protected]
> Subject: Re: [FW-1] default policy
>
> default policy will block EVERYTHING including ssh.
>
> Here is what I would do:
>
> 1) create a small script like this called unload_me:
> #!/bin/csh
> source /opt/CPsuite-R65/svn/tmp/.CPprofile.csh
> /opt/CPsuite-R65/bin/fw unloadlocal
> /opt/CPsuite-R65/bin/fw unloadlocal
>
> 2) put it in cron and set it to run every 5 minutes:
>
> utc
> 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,25,30,35,40,45,50,52,53,54,55,56,57,58,59 * * * * [ -x /var/emhome/monitor/fwuser/scripts/unload_me ] && /var/emhome/monitor/fwuser/scripts/unload_me > /dev/null 2>&1
>
> 3) now reset your SIC,
>
> 4) once you're done with SIC, the script will unload the default policy,
>
> 5) comment out the line in step 2,
>
> Easy right?
>
>
> Din Cox <[EMAIL PROTECTED]> wrote:
> Yes this can be done via ssh assuming you allowed such access to the firewall.
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED]] On Behalf Of Peter Addy
> Sent: Thursday, November 15, 2007 9:22 AM
> To: [email protected]
> Subject: [FW-1] default policy
>
> Hi All
>
> Might be a silly question, so bear with me!!
>
> Resetting SIC on the firewall restarts and then loads the default policy;
> I know you can unload this by doing fw unloadlocal from the console.
>
> My question is: is there any way this could be done without console access,
> via ssh, or does the default policy stop all connections to the firewall?
> I don't think so but I could be wrong; is there any other back door?
>
> Many thanks
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
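The six-step default filter procedure from Andrew's message, written up as an added shell script that is not code from the thread or from Check Point. It assumes the UNIX layout the message gives (templates in $FWDIR/lib, the policy source at $FWDIR/conf/defaultfilter.pf, `fw defaultgen` writing $FWDIR/state/default.bin, the boot copy at $FWDIR/boot/default.bin) and that `fw` is on PATH; the FW_BIN override and the script name install_default_filter.sh are this example's own inventions. What it adds over the bare steps is a timestamped backup before every file it overwrites, a refusal to promote a stale binary, and a rollback of both defaultfilter.pf and state/default.bin when the compile produces nothing, so a failed edit never leaves the boot-time filter half-installed.

```shell
#!/bin/sh
# Added example: automates steps 1-6 of the thread's default filter
# instructions with backups and rollback. Assumptions (not from the
# thread): FWDIR is set as on a FireWall-1 module, `fw` is on PATH
# (override with FW_BIN, e.g. to point at a test stub), and
# `fw defaultgen` writes $FWDIR/state/default.bin as step 6 states.
# Only the UNIX paths are handled, not the Win32 c:\winnt\... location.

FW_BIN="${FW_BIN:-fw}"

log() { printf '%s\n' "$*" >&2; }

# Steps 1-2: the boot template and the customized copy must both exist and
# be non-empty, and the directory must look like an FWDIR.
check_inputs() {
    fwdir="${1:-$FWDIR}"
    for f in "$fwdir/lib/defaultfilter.boot" "$fwdir/lib/defaultfilter.customized"; do
        [ -s "$f" ] || { log "missing or empty: $f"; return 1; }
    done
    [ -d "$fwdir/conf" ] && [ -d "$fwdir/state" ] && [ -d "$fwdir/boot" ] ||
        { log "$fwdir does not look like an FWDIR"; return 1; }
}

# Step 3: timestamped copy of a file if it exists; prints the backup path
# (prints nothing when there was nothing to back up).
backup_file() {
    src="$1"
    [ -f "$src" ] || return 0
    bak="$src.$(date +%Y%m%d%H%M%S).bak"
    cp -p "$src" "$bak" || return 1
    printf '%s\n' "$bak"
}

# Steps 4-6: install the customized source, compile it, promote the result
# to the boot directory. Restores the previous defaultfilter.pf and
# state/default.bin if the compile yields no binary.
install_default_filter() {
    fwdir="${1:-$FWDIR}"
    pf="$fwdir/conf/defaultfilter.pf"
    state_bin="$fwdir/state/default.bin"
    boot_bin="$fwdir/boot/default.bin"

    check_inputs "$fwdir" || return 1
    pf_bak=$(backup_file "$pf") || return 1
    state_bak=$(backup_file "$state_bin") || return 1

    cp "$fwdir/lib/defaultfilter.customized" "$pf" || return 1
    rm -f "$state_bin"   # a stale binary must not pass as freshly compiled

    if ! "$FW_BIN" defaultgen || [ ! -s "$state_bin" ]; then
        log "fw defaultgen produced no $state_bin; rolling back"
        [ -n "$pf_bak" ] && cp -p "$pf_bak" "$pf"
        [ -n "$state_bak" ] && cp -p "$state_bak" "$state_bin"
        return 1
    fi

    backup_file "$boot_bin" >/dev/null || return 1
    cp "$state_bin" "$boot_bin" || return 1
    log "installed $boot_bin from $pf (previous source: ${pf_bak:-none})"
}

# Boot-time settings, using the two fwboot queries quoted in the thread.
show_boot_settings() {
    fwdir="${1:-$FWDIR}"
    [ -x "$fwdir/boot/fwboot" ] || { log "no fwboot in $fwdir/boot"; return 1; }
    "$fwdir/boot/fwboot" bootconf get_ipf
    "$fwdir/boot/fwboot" bootconf get_def
}

case "${1:-}" in
    --install) install_default_filter "${2:-$FWDIR}" ;;
    --show)    show_boot_settings "${2:-$FWDIR}" ;;
esac
```

Run it as `sh install_default_filter.sh --install` on the module after editing $FWDIR/lib/defaultfilter.customized, then `sh install_default_filter.sh --show` to confirm the boot-time default filter setting before the next cpstop. Point FW_BIN at a stub that writes a fake state/default.bin to rehearse the flow against a scratch directory first.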
