No, there's no problem with "any firewall [service] allow" rules.
(Ok, it's possible to attack your firewall with many IKE requests,
and RDP packets. But there's no way to send data through the firewall,
from any source to any destination.)
I just wondered why there was an "any any rdp allow" rule in the
implied rules, as everybody knows that "any any [service] allow"
is a bad idea and can always be avoided. So I just disabled the
implied rules, not thinking to open up a case...
With or without patch, stupid guys (in this case the developers)
can always add "any any [service] allow" rules to the rulebase,
and fw-1 won't even complain about such rules. I think the next
patch should completely reject such rules.
Patrick
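The check the post asks for (refusing any-source/any-destination accept rules, including implied ones), as an added example that is not part of the original message and not Check Point code; the rule representation, the rule names and the sample rulebase are all constructed here, not FW-1's real policy format.

```python
# Added example: a minimal rulebase linter that flags "any any <service> accept"
# rules, the kind of rule the post argues the firewall should refuse outright.
# The Rule tuple layout and the sample rules below are constructed for this
# example and do not mirror FW-1's actual policy file format.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    number: int
    src: str
    dst: str
    service: str
    action: str            # "accept" or "drop"
    implied: bool = False  # True for rules the product adds on its own


def is_any_any_allow(rule: Rule) -> bool:
    """True for a rule that accepts a service from any source to any destination."""
    return (rule.action.lower() == "accept"
            and rule.src.lower() == "any"
            and rule.dst.lower() == "any")


def lint_rulebase(rules: list[Rule]) -> list[Rule]:
    """Return every rule (implied or explicit) that is an any/any accept."""
    return [r for r in rules if is_any_any_allow(r)]


def validate_rulebase(rules: list[Rule], reject: bool = True) -> list[Rule]:
    """Strict mode: raise instead of merely reporting, i.e. the behaviour the
    post wants from a future patch. Returns the findings when reject=False."""
    findings = lint_rulebase(rules)
    if findings and reject:
        offenders = ", ".join(f"#{r.number} ({r.service})" for r in findings)
        raise ValueError(f"rulebase contains any/any accept rules: {offenders}")
    return findings


# Constructed sample rulebase modelled on the situation in the post: one implied
# "any any rdp accept" rule next to ordinary explicit rules and a cleanup rule.
SAMPLE_RULEBASE = [
    Rule(0, "any", "any", "rdp", "accept", implied=True),
    Rule(1, "internal_net", "dmz_web", "http", "accept"),
    Rule(2, "any", "dmz_web", "http", "accept"),   # any source, but a fixed destination
    Rule(3, "any", "any", "ike", "drop"),          # any/any, but a drop rule
    Rule(4, "any", "any", "any", "drop"),          # cleanup rule
]

if __name__ == "__main__":
    for r in lint_rulebase(SAMPLE_RULEBASE):
        origin = "implied" if r.implied else "explicit"
        print(f"rule {r.number}: {origin} any-source/any-destination accept of {r.service}")
```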
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================