On Tue, 21 Mar 2000, Paul Cardon wrote:
> [EMAIL PROTECTED] wrote:
> >
> > With Firewall-1 all ports defined in the /etc/services file will be denied
> > connections to during an ftp session. This is defined in the file base.def
> > as follows:
> > // ports which are dangerous to connect to
> > #define NOTSERVER_TCP_PORT(p) {
> > (not
> > (
> > ( p in tcp_services, set sr10 RCODE_TCP_SERV, set sr11 0,
> > set sr12 p, set sr1 0, log bad_conn)
>
> Actually, the /etc/services file has nothing to do with it. All
> services of type TCP _defined_within_FW-1_ are added to the tcp_services
> table used in the macro listed above. A default FW-1 install will
> include a certain number of these but the list changes with the addition
> or removal of TCP service definitions in the rule base. The behavior of
> the inspect code can also be modified to make it as strict or open as
> desired.
The services list is actually the list of services defined in the
objects.C file. The services do NOT need to be defined in any rulebase.
Hugo.
--
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ Maasland
[EMAIL PROTECTED] http://home.kabelfoon.nl/~hvdkooij/
--------------------------------------------------------------
Use of any of my email addresses for unsolicited (commercial)
email is a clear intrusion of my privacy and illegal!
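The point of the thread is that the NOTSERVER_TCP_PORT check refuses an FTP data connection when the requested port is in the firewall's own tcp_services table (built from the services defined in objects.C), not when it appears in /etc/services. The following Python model of that decision is an added example, not FW-1's INSPECT code and not from anyone in the thread: the DEFINED_TCP_SERVICES dictionary stands in for the tcp_services table, the /etc/services text is a constructed sample, and the port values and the bad_conn reason strings are illustrative.

```python
import re

# Constructed sample: the TCP services an administrator has defined in the
# firewall's object database (the source of FW-1's tcp_services table).
# These are the ports the NOTSERVER_TCP_PORT check refuses FTP data
# connections to.  Names and ports are illustrative, not a real objects.C.
DEFINED_TCP_SERVICES = {
    "ftp": 21,
    "telnet": 23,
    "smtp": 25,
    "http": 80,
    "pop-3": 110,
}

# Constructed sample of /etc/services.  It is parsed below only to show that
# its entries (finger/79, for instance) play no part in the decision.
ETC_SERVICES_TEXT = """\
# Network services, Internet style
echo            7/tcp
echo            7/udp
finger         79/tcp
http           80/tcp    www www-http
"""

_PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.I)


def parse_etc_services(text):
    """Return {name: port} for the TCP entries of an /etc/services file."""
    services = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        port, _, proto = fields[1].partition("/")
        if proto == "tcp" and port.isdigit():
            services[fields[0]] = int(port)
    return services


def parse_port_command(line):
    """Parse an FTP PORT command into (ip, port); raise ValueError if malformed."""
    m = _PORT_RE.match(line.strip())
    if not m:
        raise ValueError("not a PORT command: %r" % line)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in PORT command: %r" % line)
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]       # PORT carries the port as two bytes
    if port == 0:
        raise ValueError("port 0 in PORT command")
    return ip, port


def ftp_data_port_allowed(port_command, defined_services=DEFINED_TCP_SERVICES):
    """
    Model of NOTSERVER_TCP_PORT: the data connection is refused when the
    requested port is one of the firewall's *defined* TCP services.
    Returns (allowed, reason).  A malformed PORT command is refused as well,
    since a port that cannot be parsed cannot be checked.
    """
    try:
        _, port = parse_port_command(port_command)
    except ValueError as exc:
        return False, "bad_conn: %s" % exc
    by_port = {p: n for n, p in defined_services.items()}
    if port in by_port:
        return False, "bad_conn: port %d is defined service %r" % (port, by_port[port])
    return True, "port %d is not a defined TCP service" % port


if __name__ == "__main__":
    etc_ports = set(parse_etc_services(ETC_SERVICES_TEXT).values())
    for cmd in ("PORT 10,0,0,5,0,80",    # 80: defined in objects.C -> refused
                "PORT 10,0,0,5,0,79",    # 79: only in /etc/services -> allowed
                "PORT 10,0,0,5,16,1",    # 4097: ordinary data port -> allowed
                "PORT 10,0,0,5,0"):      # malformed -> refused
        allowed, reason = ftp_data_port_allowed(cmd)
        print("%-22s -> %-5s %s" % (cmd, allowed, reason))
    print("ports in the sample /etc/services:", sorted(etc_ports))
```

Running the block shows finger/79 being allowed even though it is in the sample /etc/services, because only the services defined to the firewall are consulted; adding a finger service to DEFINED_TCP_SERVICES flips that result, which is what the thread says happens when a TCP service definition is added to objects.C. Passive-mode data connections are not modelled here.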