[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] creating port range service objects

To: "'Bauman, Brian'" <Brian.Bauman@ps.net>, fw-1-mailinglist@lists.us.checkpoint.com
Subject: RE: [FW1] creating port range service objects
From: "Love, Simon ST" <Simon.Love@littlewoods-stores.co.uk>
Date: Thu, 14 Oct 1999 10:40:01 +0100

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set. Some ]
    [ characters may be displayed incorrectly. ]


The problem is that the port range stuff is not used for services.

If you wish to define a new service with a range of ports you have to create
a new object of type other and use INSPECT code in the definition on the
match field.

An example to open up your range for tcp packets would be :

tcp, dport > 10000, dport < 10009

You should then be able to add that as your new resource.

see phoneboy site : http://www.phoneboy.com/fw/faq/0062.html  for another
version of my summary.

Simon R. Love
Technical Services Group
Littlewoods Retail Limited

Email : simon.love@littlewoods-stores.co.uk
Phone : 0151 235 4554, Fax : 0151 235 3151


-----Original Message-----
From: Bauman, Brian [mailto:Brian.Bauman@ps.net]
Sent: Wednesday, October 13, 1999 10:29 PM
To: fw-1-mailinglist@lists.us.checkpoint.com
Subject: [FW1] creating port range service objects



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello all, 
	I am trying to add a range of TCP ports to allow Remedy through the
firewall.  I create a new services object >> range let's say ports
10000 - 10009 and  then save the object.  When I try to add the newly
created port ranges to the allowed services in a rule or add them into
a group, the range does not show up.  I am running CKP 4.0 Service
Pack 1 (build 4058) and running CKP 4.0 Service pack 3 hotfix GUI.  I
am wondering if anyone has encountered this before and if there is a
fix or am I not using the services >> port ranges correctly.  Any help
is appreciated.

- -Brian Bauman
INFOSEC
Perot Systems


-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2

iQA+AwUBOAT54iyCUd6JF1gwEQLrFACVH2HJEKEReVtwhdLWe3LCkFjeuQCg8r3e
+1gcTRNQxz5xtiKltXhSJeY=
=zk6b
-----END PGP SIGNATURE-----


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Rule 0 Reject - SYN->SYNC-ACC->timeout or RST
Next by Date: RE: [FW1] creating port range service objects
Prev by thread: [FW1] creating port range service objects
Next by thread: RE: [FW1] creating port range service objects
Index(es):
- Date
- Thread