[FW1] Re:

jrodriga Fri, 17 Aug 2001 14:55:35 -0700


Paul,

          put next rule before last rule (or rule "any-any-any-drop"):

          any   any  icmp-services  drop

          where icmp-services is a group created by you including all icmp
      protocol services.

          Also, you have to uncheck the property "Accept ICMP" in the
      "Policy-->Properties Setup-->Security Policy" menu.

          Regards,

                Josu�.



"Paul Cunningham" <[EMAIL PROTECTED]>@lists.us.checkpoint.com con fecha
15/08/2001 21:52:20


      Enviado por: [EMAIL PROTECTED]


                                                                          
         De                 "Paul Cunningham" <[EMAIL PROTECTED]>      
                            @lists.us.checkpoint.com                      
       --------+  -----------------------------------------------------+  
         A                                                                
       --------+  -----------------------------------------------------+  
         Copias                                                           
         a                                                                
       --------+  -----------------------------------------------------+  
         CCI                                                              
       --------+  -----------------------------------------------------+  
         Fecha              15/08/2001 21:52                              
       --------+  -----------------------------------------------------+  
         Tema                                                             
       --------+  -----------------------------------------------------+  






      Hello all,

      I am a newbie with this software and have been thrust into a
      situation that
      requires me to write a rule for my firewall denying all ICMP traffic.
      Our
      regular administrator is unreachable and we have no tech support. I
      need to
      lock this down to stop a "Smurf" attack on my network. If anyone
      might be
      kind enough to lend me a hand I would appreciate it. I'm sure it's
      easy for
      people who are well versed in the software, but I am looking at it
      for the
      first time today! I'm sure that rule may already be in place, but
      need to
      verify that. I figured out the basics on how to create the rule, but
      I'm not
      sure where the objects should be placed and what, if any, advanced
      features
      I need to invoke.

      Thanks,

      Paul

      _________________________________________________________________
      Get your FREE download of MSN Explorer at
      http://explorer.msn.com/intl.asp



      ================================================================================

           To unsubscribe from this mailing list, please see the
      instructions at
                     http://www.checkpoint.com/services/mailing.html
      ================================================================================








================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
[FW1] Re:

Reply via email to
