[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Pseudo Rules

To: fw-1-mailinglist@lists.us.checkpoint.com, ian_cuthbertson@uk.ibm.com
Subject: Re: [FW1] Pseudo Rules
From: Dan Lundien <lundien@nlm.nih.gov>
Date: Tue, 9 Nov 1999 11:57:13 -0500 (EST)


In your case, I think that this rule comes into play when you are logged 
into the firewall itself and are trying to get out with something like telnet,
ping, etc.


Dan Lundien
Sr Systems Administrator
Appnet Inc.



> From fw-1-mailinglist-owner@lists.us.checkpoint.com Tue Nov  9 11:06 EST 1999
> From: ian_cuthbertson@uk.ibm.com
> X-Lotus-FromDomain: IBMGB
> To: undisclosed-recipients:;
> To: fw-1-mailinglist@lists.us.checkpoint.com
> Date: Tue, 9 Nov 1999 15:33:30 +0000
> Subject: [FW1] Pseudo Rules
> Mime-Version: 1.0
> Content-Disposition: inline
> 
> 
> 
> 
> Can anyone explain the Psuedo Rule
> 
> Accept Outgoing packets
> 
> The FW1 Help says:
> 
> "On gateways, rules are usually enforced on the inbound direction only. When a
> packet passing through a gateway leave a gateway, it will be allowed to pass
> only if the following is true:
> 
> 1. The accept outgoing packets property is checked
> 2. Rules are enfoced in both directions (eithebound) and rules are in place to
> let packets leave the firewall".
> 
> My question is, if I have configued my rules to install on "Gateways" and they
> apply inbound only (configured in policy properties). Therefore it should not be
> checking packets leaving the gateway. Also this rule is configured last, which
> is after a rule that states
> 
> Source Any
> Destination Any
> Service Any
> Action Drop
> 
> So this rule will never be reached anyway. SO can I remove this rule without any
> damage?
> 
> Thanks, Ian
> 
> Technical Directions and Enterprise, Geomar Technical Centre
> ian_cuthbertson@uk.ibm.com
> 
> 
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
> 


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] New Solaris Firewall Installation - Recommendations?
Next by Date: Re: [FW1] SMTP Telnet
Prev by thread: [FW1] Pseudo Rules
Next by thread: Re: [FW1] Pseudo Rules
Index(es):
- Date
- Thread