Anders,
Yes it does, with the 1st rule you only allow the outgoing
'ping' packets ... but with no other rule, you'll never get a
reply I think. You should add a 2d rule to allow the replies :
Src Dest Service
Internet Internal echo-reply + (?? time-exceeded &
dest-unreach ??)
That way only outgoing ICMP will be allowed, and incoming replies.
Met vriendelijke groeten - Bien � vous - Kind regards
Guy ROELANDTS
Compaq Software Engineer - Belgium
E-mail : [EMAIL PROTECTED]
Tel: +32(02)729.77.44 (options 3 - 3 - 1)
Fax: +32(02)729.77.65
-----Original Message-----
From: Reed Mohn, Anders [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 29, 2000 8:13 PM
To: Fw-1-Mailinglist (E-mail)
Subject: [FW1] Adding rule for echo-request.
Just curious:
Is there any difference in specifically adding a rule for
outbound echo-request, and just letting the packets out
through a more general rule?
E.g:
Src Dest Service
Internal internet echo-request
vs.
Src Dest Service
Internal internet Any
Does this affect the way the the FW treats these packets?
Cheers,
Anders RM :)
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
