Can anyone give me a hind about the predefined service icmp-proto?
The match section has 1, and I'm not sure what that means (the match section
for other predefined icmp services seem to be match the "type" field). Does
1=TRUE so that any icmp packets are a match?
In the end, I will probably go with PhoneBoy's suggestion to allow
echo-request, traceroute outbound (to the Internet), and echo-reply,
time-exceeded, dest-unreach inbound (from the Internet), but I just want to
understand the options...
-- DH
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
