[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] creating port range service objects

To: "Love, Simon ST" <Simon.Love@littlewoods-stores.co.uk>
Subject: RE: [FW1] creating port range service objects
From: Fredrik Palm <frpa01@handelsbanken.se>
Date: Thu, 14 Oct 1999 13:37:05 +0200
Cc: fw-1-mailinglist@lists.us.checkpoint.com


Hi,

There is a much easier way do accomplish this. Just create an ordinary
tcp service and put 10000-10009 in the port field.

There are a couple of predefined services like this already there. Check
out the definition of X11 in objects.C or in the gui. You can also use 
e.g. > (g.t.) as in the definitions for tcp-high-ports and udp-high-ports.

Regards,
//Fredrik

On 14 Oct 99, Love, Simon ST wrote:

> 
> The problem is that the port range stuff is not used for services.
> 
> If you wish to define a new service with a range of ports you have to create
> a new object of type other and use INSPECT code in the definition on the
> match field.
> 
> An example to open up your range for tcp packets would be :
> 
> tcp, dport > 10000, dport < 10009
> 
> You should then be able to add that as your new resource.
> 
> see phoneboy site : http://www.phoneboy.com/fw/faq/0062.html  for another
> version of my summary.
> 
> Simon R. Love
> Technical Services Group
> Littlewoods Retail Limited
> 
> Email : simon.love@littlewoods-stores.co.uk
> Phone : 0151 235 4554, Fax : 0151 235 3151
> 
> 
> -----Original Message-----
> From: Bauman, Brian [mailto:Brian.Bauman@ps.net]
> Sent: Wednesday, October 13, 1999 10:29 PM
> To: fw-1-mailinglist@lists.us.checkpoint.com
> Subject: [FW1] creating port range service objects
> 
> 
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hello all, 
> 	I am trying to add a range of TCP ports to allow Remedy through the
> firewall.  I create a new services object >> range let's say ports
> 10000 - 10009 and  then save the object.  When I try to add the newly
> created port ranges to the allowed services in a rule or add them into
> a group, the range does not show up.  I am running CKP 4.0 Service
> Pack 1 (build 4058) and running CKP 4.0 Service pack 3 hotfix GUI.  I
> am wondering if anyone has encountered this before and if there is a
> fix or am I not using the services >> port ranges correctly.  Any help
> is appreciated.
> 
> - -Brian Bauman
> INFOSEC
> Perot Systems
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 6.0.2
> 
> iQA+AwUBOAT54iyCUd6JF1gwEQLrFACVH2HJEKEReVtwhdLWe3LCkFjeuQCg8r3e
> +1gcTRNQxz5xtiKltXhSJeY=
> =zk6b
> -----END PGP SIGNATURE-----
> 
> 
> ============================================================================
> ====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ============================================================================
> ====
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================



----------------------------------------------------------
Fredrik Palm                Email: frpa01@handelsbanken.se
Svenska Handelsbanken       Phone: +46-8-7011789
CDCK-I                      Fax:   +46-8-7011624
106 70 Stockholm
Sweden


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] creating port range service objects
Next by Date: RE: [FW1] creating port range service objects
Prev by thread: RE: [FW1] creating port range service objects
Next by thread: RE: [FW1] creating port range service objects
Index(es):
- Date
- Thread