-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> -----Original Message-----
> From: Haydock Paul [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, August 30, 2000 8:44 AM
>
> I have set ICMP to 'Last' in rule zero (properties) and then added
> the following rule :-
>
> Internal-networks - any - icmp-echo & traceroute allow
>
I recommend not selecting ICMP in your properties. These settings will
engage implied rules, which are a) easy to overlook, and b) hard to
control.

I always configure ICMP rules as follows:

  Int-Net   Any       echo-request    accept
  Any       Int-Net   dest-unreach    accept
                      time-exceeded
                      echo-reply

That allows you to ping/tracert out and receive responses in, but it
blocks incoming ICMP requests.
Regards,
Frank
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
Comment: PGP or S/MIME (X.509) encrypted email preferred.
iQA/AwUBOa0s9kRKym0LjhFcEQKdaQCghMoCIIet7y2hJfOKlgHV61Z+PpsAn27q
6aHYBbOc4cEJc0Q7hQ862d/C
=R+K0
-----END PGP SIGNATURE-----
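
The two rules from the reply above, modelled as a first-match filter so individual ICMP flows can be checked against them. This is an added example, not part of the original message and not Check Point code; the zone labels, the decide() function, the sample flows and the final default drop are assumptions of the model.

```python
# Added example: first-match model of the ICMP rules quoted in the reply above.
# Zone labels, decide() and the final default drop are assumptions of this model.
from typing import NamedTuple

ICMP = {"echo-reply": 0, "dest-unreach": 3, "redirect": 5,
        "echo-request": 8, "time-exceeded": 11}
INT, EXT, ANY = "Int-Net", "External", "Any"

class Rule(NamedTuple):
    src: str
    dst: str
    services: tuple
    action: str

# The two rules exactly as listed in the message.
RULES = [
    Rule(INT, ANY, ("echo-request",), "accept"),
    Rule(ANY, INT, ("dest-unreach", "time-exceeded", "echo-reply"), "accept"),
]

def decide(src_zone, dst_zone, icmp_type, rules=RULES):
    """Return the action of the first rule matching the packet, else 'drop'."""
    for rule in rules:
        types = {ICMP[name] for name in rule.services}
        if (rule.src in (ANY, src_zone) and rule.dst in (ANY, dst_zone)
                and icmp_type in types):
            return rule.action
    return "drop"  # assumed: nothing else in the rule base accepts ICMP

# Constructed sample flows: (description, source zone, destination zone, type).
SAMPLES = [
    ("ping/tracert probe going out", INT, EXT, ICMP["echo-request"]),
    ("ping answer coming back", EXT, INT, ICMP["echo-reply"]),
    ("tracert hop answer coming back", EXT, INT, ICMP["time-exceeded"]),
    ("unreachable notice coming back", EXT, INT, ICMP["dest-unreach"]),
    ("ping from outside", EXT, INT, ICMP["echo-request"]),
    ("redirect from outside", EXT, INT, ICMP["redirect"]),
]

def evaluate_samples():
    return {desc: decide(src, dst, t) for desc, src, dst, t in SAMPLES}

if __name__ == "__main__":
    for desc, verdict in evaluate_samples().items():
        print(f"{verdict:6}  {desc}")
```

In this model any ICMP type not named in the two rules, in either direction, falls through to the assumed default drop, which is why an explicit rule list is easier to audit than implied rules.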