RE: [FW1] State Table

Wed, 23 May 2001 14:27:56 -0700 



Ah yes... meant "NOT" CLEARED.

I should stop posting in the middle of the night...   :)


Amin Tora, CISSP
ePlus Technology
http://www.eplus.com
NASDAQ: PLUS



-----Original Message-----
From: Chris Arnold [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 22, 2001 11:33 AM
To: Amin Tora; '[EMAIL PROTECTED] '
Subject: RE: [FW1] State Table


"fwstop" is quite different from "fw unload localhost."  The first
terminates fwd, fwm, fwalert and any other associated FW-1 processes
(security servers) and removes the kernel module.  It's just a script so you
can read through it.  The latter simply unloads the current applied policy
from the localhost and leaves fwd running with no policy.

Chris

-----Original Message-----
From: Amin Tora [mailto:[EMAIL PROTECTED]]
Sent: Monday, May 21, 2001 12:21 AM
To: '[EMAIL PROTECTED] '
Subject: RE: [FW1] State Table




The state tables are CLEARED if you stop the firewall or unload your
policies.

You can prove this...

On a test firewall module:

run $FWDIR/bin/fw tab -t connections -u    {displays contents of state
table}
run $FWDIR/bin/fwstop OR $FWDIR/bin/fw unload localhost
run $FWDIR/bin/fw tab -t connections -u


Amin Tora, CISSP
ePlus Technology
http://www.eplus.com
NASDAQ: PLUS


>-----Original Message-----
>From: Chris Arnold [mailto:[EMAIL PROTECTED]]
>Sent: Saturday, May 19, 2001 8:46 AM
>To: 'Juppunov, George '; '[EMAIL PROTECTED] '
>Subject: RE: [FW1] State Table
>
>Not true.  Think about it...if you shutdown the FW service, the state
tables
>are gone.  Why would the underlying OS hold some data structure in memory
>just in case the service that created it decides to respawn?  
>
>Chris
>
>>-----Original Message-----
>>From: Juppunov, George
>>To: [EMAIL PROTECTED]
>>Sent: 5/17/01 6:47 PM
>>Subject: RE: [FW1] State Table
>>
>>Your connections will be "suspended", and dropped after the timeout
>>expires. 
>>In other words you can stop and start your firewall in the middle of the
>>day without
>>impacting production.
>> 
>>George


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to