Firewalls: strange behavior

Firewalls
(February 1997)

Indexed By Thread: [Previous] [Next]

Subject:	strange behavior
From:	Dave Sroelov <dsroelov @ pacbell . net>
Date:	Wed, 12 Feb 1997 11:13:18 -0800
To:	fw-1-mailinglist @ us . checkpoint . com, firewalls @ GreatCircle . COM
References:	<199702120205 . SAA19599 @ althea . Ebay . Sun . COM>

being somewhat new to FW-1 i have come across something that is a little
strange.  if i set up a policy with one rule that says to reject all
packet types from source=any to destination=any and log everything, why
does ping still work?

if i specifically add a rule to block icmp packets then ping stops.  i
would think that blocking 'all' packet types would block everything that
FW-1 knows about, and it knows about icmp.

	dave

Follow-Ups:

Re: strange behavior
From: Rafeeq Ur Rehman <rehman @ lhr . aster . com . pk>
Re: [FW1] strange behavior
From: zeck @ contact . com . sg (Zeck Lim)

References:

Re: [FW1] rule set
From: jerald . josephs @ Ebay . Sun . COM (Jerald Josephs)

Indexed By Date	Previous:	Spit DNS - Another way From: Kurt Kessel <kkessel @ hteinc . com>
Indexed By Date	Next:	Re: Virus named Penpal Greetings From: jegan @ iai . com (James Egan)
Indexed By Thread	Previous:	Re: [FW1] rule set From: jerald . josephs @ Ebay . Sun . COM (Jerald Josephs)
Indexed By Thread	Next:	Re: [FW1] strange behavior From: zeck @ contact . com . sg (Zeck Lim)