[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Stateful ICMP

To: fw-1-mailinglist@lists.us.checkpoint.com
Subject: [FW1] Stateful ICMP
From: Lance Spitzner <lance@spitzner.net>
Date: Sun, 19 Mar 2000 12:49:14 -0600 (CST)
Sender: owner-fw-1-mailinglist@lists.us.checkpoint.com


Has anyone gotten stateful ICMP to work on 4.1?

The trick of "enable ICMP Last" in the properties menu
doesn't work for me.  The return ICMP traffic is dropped, 
and I never see anything in the connections table.  
There is an intriguing entry in /etc/fw/lib/table.def. 

/*****************
 * STATEFUL ICMP *
  *****************/
  #ifdef STATEFUL_ICMP
  icmp_connections = dynamic sync refresh expires TCP_START_TIMEOUT;
  icmp_requests = { ICMP_ECHO, ICMP_TSTAMP, ICMP_IREQ, ICMP_MASKREQ };
  icmp_replies = { 
ICMP_ECHOREPLY,ICMP_TSTAMPREPLY,ICMP_IREQREPLY,ICMP_MASKREPLY};
  icmp_errors = { 
ICMP_UNREACH,ICMP_SOURCEQUENCH,ICMP_TIMXCEED,ICMP_PARAMPROB,ICMP_REDIRECT };
  #endif

However, I cannot crack the code on how to make ICMP truly statefull.
Pointers greatly appreciated.

Thanks

Lance Spitzner
http://www.enteract.com/~lspitz/papers.html



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Follow-Ups:
- Re: [FW1] Stateful ICMP
  - From: Earl Robinson <earl_robinson@senet-int.com>

Prev by Date: [FW1] VPN-1 Server separate from Firewall
Next by Date: Re: [FW1] Stateful ICMP
Prev by thread: [FW1] VPN-1 Server separate from Firewall
Next by thread: Re: [FW1] Stateful ICMP
Index(es):
- Date
- Thread