Great Circle Associates Firewalls
(February 1997)
 


Subject: Re: Firewalls-Digest V6 #55
From: "Boni D. Bruno" <bbruno @ dsw . net>
Organization: Data Systems West
Date: Fri, 14 Feb 1997 10:39:12 -0800
To: firewalls @ GreatCircle . COM
Cc: fhr @ telekurs . com, rehman @ lhr . aster . com . pk, dsroelov @ pacbell . net
References: <199702140844 . AAA29582 @ miles . greatcircle . com>
Reply-to: bbruno @ dsw . net

> From: Rafeeq Ur Rehman <rehman @ lhr . aster . com . pk>
> To: Dave Sroelov <dsroelov @ pacbell . net>
> Cc: fw-1-mailinglist @ us . checkpoint . com; firewalls @ GreatCircle . COM
> Subject: Re: strange behavior
> Date: Thursday, February 13, 1997 12:35 AM
> 
> On Wed, 12 Feb 1997, Dave Sroelov wrote:
> 
> > being somewhat new to FW-1 i have come across something that is a little
> > strange.  if i set up a policy with one rule that says to reject all
> > packet types from source=any to destination=any and log everything, why
> > does ping still work?
> > 
> > if i specifically add a rule to block icmp packets then ping stops.  i
> > would think that blocking 'all' packet types would block everything that
> > FW-1 knows about, and it knows about icmp.
> > 
> If you have an application level firewall, it may not stop icmp.
> 
> Rafeeq Ur Rehman
> rehman @ lhr . aster . com . pk
> 
Dave,
Your first scenario would have worked if you would have disabled icmp
under properties.  FW-1 by default will allow ping unless specifically
denied in a rule; or better, just disabling icmp under properties, as I
stated above, is the best way to go.

Rafeeq,
FYI: Raptor is an application gateway firewall which stops icmp.
-----------------------
>
>Dear firewallers,
>We have firewall-1 Rel. 2.1. 
>We defined about 90 Network Objects.
>If we want to add now a host in the rule base editor, the popup
>menu for the hosts does not get displayed any longer.
>In the console window we get the following error message
>"XView warning: Menu too large for screen (Command menu package)"
>I found some hints about it in the SUNsolve database. It says there,
>that this is a known bug and that in future releases it would be
>fixed.
>But I need a solution before that.
>I think this problem had been discussed before, but I have not kept
>the mails.
>Many thanks in advance for your time and help.
>Kind Regards      Rene 
Edit objects.c and change the <display in menu> tag from T to F.  This
will not show the object in the window and allow you to add more
objects.  Obviously, you only want to do this for objects you don't need
often.  It's a Mickey Mouse solution, but until Sun changes their XVIEW
libraries, you're stuck with this solution.

Regards, 
-- 
Boni D. Bruno                                          bbruno @ dsw . net
Data Systems West                                    818-883-9800x225
21101 Oxnard Street, Woodland Hills, CA 91367      http://www.dsw.net
