Look at this. All I want to do is deny broadcast packets that are badly formed (formed?), the
packets that have illegal information in their headers. With the example that I showed
you in my last message I am trying to deny the broadcast packets sent to and through
my external interface with bad information in their headers. If you take a look for a
while you'll see that the destination address is 0.0.0.0 (the broadcast source)
instead of 255.255.255.255, so that packet is badly formed.
Thanks for the explanation in your mail, I think that now I can start to do what I want,
I'll tell you how I have done it.
Regards.
>>> "Reed Mohn, Anders" <[EMAIL PROTECTED]> 24/08/00 15:59 >>>
From what I've seen of FW-1 so far, I don't think you can do precisely that.
But, you have the option of setting FW-1 to check packets
in Inbound, Outbound or Eitherbound directions.
That is, using Inbound means packets will only be checked
as they come in on an interface, Outbound means they are checked
as they leave the FW, eitherbound is both.
Using Inbound or Outbound will make FW-1 check your packets
only once, and has, I guess, the same effect as applying a rule
to a single interface.
As for the rules:
Let's see, is this what you are trying to do?
Internal= <your LAN>
External= Internet or whatever you're connected to
BC_DEST=255.255.255.255
BC_SRC=0.0.0.0
SRC=External Dest=BC_DEST Service=Any Action=Drop
SRC=Internal Dest=BC_DEST Service=Any Action=Drop
SRC=BC_SRC Dest=Internal Service=Any Action=Drop
SRC=BC_SRC Dest=External Service=Any Action=Drop
This effectively blocks any broadcast from going through your FW at all.
You can shorten it like this:
SRC=Any Dest=BC_DEST Service=Any Action=Drop
SRC=BC_SRC Dest=ANY Service=Any Action=Drop
These rules still apply to all interfaces, though.
Cheers,
Anders :)
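
A small first-match evaluator for the two rule sets quoted above, added here as an illustration; it is not code from either poster or from FW-1. The LAN prefix, the reading of External as everything outside the LAN, and the sample packets are assumptions constructed for the example. It checks that the long and short rule sets give the same verdicts and shows which broadcast-like packets neither set matches.

```python
import ipaddress

# Assumption: the thread only says "<your LAN>"; this prefix is a placeholder.
INTERNAL = ipaddress.ip_network("192.168.1.0/24")
BC_DEST = ipaddress.ip_address("255.255.255.255")
BC_SRC = ipaddress.ip_address("0.0.0.0")

# (source object, destination object, action); top-down, first match wins.
FOUR_RULES = [
    ("External", BC_DEST, "Drop"),
    ("Internal", BC_DEST, "Drop"),
    (BC_SRC, "Internal", "Drop"),
    (BC_SRC, "External", "Drop"),
]
TWO_RULES = [
    ("Any", BC_DEST, "Drop"),
    (BC_SRC, "Any", "Drop"),
]

def matches(obj, addr):
    """True if addr is covered by a rule object (group name or single address)."""
    if obj == "Any":
        return True
    if obj == "Internal":
        return addr in INTERNAL
    if obj == "External":  # assumption: External = everything outside the LAN
        return addr not in INTERNAL
    return addr == obj

def verdict(rules, src, dst):
    """Return the action of the first matching rule, or None if none matches."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule_src, rule_dst, action in rules:
        if matches(rule_src, s) and matches(rule_dst, d):
            return action
    return None  # not matched here; later rules in the rulebase decide

# Constructed sample packets (source, destination).
SAMPLES = [
    ("203.0.113.9", "255.255.255.255"),    # limited broadcast from outside
    ("192.168.1.10", "255.255.255.255"),   # limited broadcast from the LAN
    ("0.0.0.0", "192.168.1.20"),           # unspecified source towards the LAN
    ("203.0.113.9", "0.0.0.0"),            # destination 0.0.0.0, as in the first message
    ("192.168.1.10", "192.168.1.255"),     # directed (subnet) broadcast
]

def compare():
    """Return (src, dst, four-rule verdict, two-rule verdict) for each sample."""
    return [(s, d, verdict(FOUR_RULES, s, d), verdict(TWO_RULES, s, d))
            for s, d in SAMPLES]
```
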