RE: [FW1] Adding rule for echo-request.

Thu, 30 Nov 2000 13:50:53 -0800 



Thanks,
all of you who answered, though I
think I didn't really make my qestion clear.

What I wondered was if the two different ways
of allow outgoing echo-requests (forget the replies)
would cause FW-1 to treat the packets any differently.

Anyway, I thought about it, and I'm pretty sure now
that my question was pointless to begin with.
(The answer is, of course: No.)

Again, thanks to all of you.
Cheers,
Anders :)



-----Original Message-----
From: Roelandts, Guy [mailto:[EMAIL PROTECTED]]
Sent: 30. november 2000 09:32
To: 'Reed Mohn, Anders'; Fw-1-Mailinglist (E-mail)
Subject: RE: [FW1] Adding rule for echo-request.



Anders,

   Yes it does, with the 1st rule you only allow the outgoing
 'ping' packets ... but with no other rule, you'll never get a
 reply I think. You should add a 2d rule to allow the replies :

Src             Dest            Service
Internet        Internal        echo-reply + (?? time-exceeded &
dest-unreach ??)

  That way only outgoing ICMP will be allowed, and incoming replies.

Met vriendelijke groeten - Bien � vous - Kind regards

Guy ROELANDTS
Compaq Software Engineer - Belgium
E-mail : [EMAIL PROTECTED]
Tel: +32(02)729.77.44 (options  3 - 3 - 1)
Fax: +32(02)729.77.65

-----Original Message-----
From: Reed Mohn, Anders [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 29, 2000 8:13 PM
To: Fw-1-Mailinglist (E-mail)
Subject: [FW1] Adding rule for echo-request.

Just curious:
Is there any difference in specifically adding a rule for
outbound echo-request, and just letting the packets out
through a more general rule?

E.g:

Src     Dest    Service
Internal        internet        echo-request
vs.

Src     Dest    Service
Internal internet Any

Does this affect the way the the FW treats these packets?

Cheers,
Anders RM :)


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to