Firewalls: Re: strange behavior

Firewalls
(February 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: strange behavior
From:	Rafeeq Ur Rehman <rehman @ lhr . aster . com . pk>
Date:	Thu, 13 Feb 1997 11:35:25 +0500 (GMT+0500)
To:	Dave Sroelov <dsroelov @ pacbell . net>
Cc:	fw-1-mailinglist @ us . checkpoint . com, firewalls @ GreatCircle . COM
In-reply-to:	<3302163E . 7200 @ pacbell . net>

On Wed, 12 Feb 1997, Dave Sroelov wrote:

> being somewhat new to FW-1 i have come across something that is a little
> strange.  if i set up a policy with one rule that says to reject all
> packet types from source=any to destination=any and log everything, why
> does ping still work?
> 
> if i specifically add a rule to block icmp packets then ping stops.  i
> would think that blocking 'all' packet types would block everything that
> FW-1 knows about, and it knows about icmp.
> 
If you have an application level firewall, it may not stop icmp.

Rafeeq Ur Rehman
rehman @
 lhr .
 aster .
 com .
 pk

References:

strange behavior
From: Dave Sroelov <dsroelov @ pacbell . net>

Indexed By Date	Previous:	Re: Split DNS - Another way From: "Marcus J. Ranum" <mjr @ clark . net>
Indexed By Date	Next:	FW: Re: In search of password server From: norbert_steiner @ amdahl . com
Indexed By Thread	Previous:	Re: [FW1] strange behavior From: zeck @ contact . com . sg (Zeck Lim)
Indexed By Thread	Next:	RE: [NTSEC] NT Security list From: "DONAHUE, DAVID B (D4BDONA)" <d4bdona @ msg . ptss . com>