On Wed, 12 Feb 1997, Dave Sroelov wrote:
> being somewhat new to FW-1 i have come across something that is a little
> strange. if i set up a policy with one rule that says to reject all
> packet types from source=any to destination=any and log everything, why
> does ping still work?
> if i specifically add a rule to block icmp packets then ping stops. i
> would think that blocking 'all' packet types would block everything that
> FW-1 knows about, and it knows about icmp.
If you have an application level firewall, it may not stop icmp.
Rafeeq Ur Rehman