[prev in list] [next in list] [prev in thread] [next in thread]
List: firewall-1
Subject: Re: [FW-1] ICMP Packets
From: Joe Matusiewicz <joem () NIST ! GOV>
Date: 2005-09-29 16:04:45
Message-ID: 5.1.0.14.2.20050929120034.027d78e0 () 129 ! 6 ! 16 ! 94
[Download RAW message or body]
At 08:35 AM 9/29/2005, Maurit Pereira Fagundes wrote:
>Hello all,
>
>In global properties there is an option: Accept ICMP requests. I want to
>avoid that people in internet ping and run the tracerout command against
>my dmz servers.
>what is the better way to do this? disabling this option in global
>proterties or creating a rule base to do this? If i create a rule base i
>must disable this option in rule base?
I create a group called icmp_allow that contains echo request,
time-exceeded, and dest-unreach. All the rest of the icmp services go into
a group called icmp_deny. This way I can allow ping and traceroutes
outbound and deny them inbound.
HTH,
-- Joe
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner@ts.checkpoint.com
=================================================
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic