Correct me if I am wrong, but I think allowing ICMP is part of the policy
properties.
I apologize if I am wrong here, I don't have a FW-1 box infront of me
right now.
The email that I replied to said that any any any accept was = a router.
This is FAR from the truth. (Although I wish it was the truth)
On Fri, 9 Feb 2001, Frank Knobbe wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, February 08, 2001 9:16 PM
> >
> > this is not true.
> >
> > any does NOT mean any.
> >
> > something that is closer to any would be:
> > s/any d/any p/highUDPports&highTCPports a/accept
> > s/any d/any p/any a/accept
> >
> > AND many many modifications in your policy properties.
>
>
> And what about other IP protocols, such as ICMP. Aren't they included
> in 'any'? That would make any more like any, and not like TCP/UDP
> high ports...
>
> Regards,
> Frank
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Personal Privacy 6.5.8
> Comment: PGP or S/MIME encrypted email preferred.
>
> iQA/AwUBOoOPXZytSsEygtEFEQLX6ACgvHQoo0OqyUEr0yhbkAeveFkAJBYAninf
> tQNT1tlu7cGdiEJkg14J5171
> =W2tF
> -----END PGP SIGNATURE-----
>
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
>
--
--Paul
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
