Hi,
1) Can you explain to me how a rule can be configured? What are the parameters
required to identify a rule? For example, I have identified a rule as follows:
rule # [Src Addr/ Mask] [Dest Addr/ Mask] [protocol] [Src Port] [Dest Port]
[AckBit] [IP Options] [Fragmentation] [Action] [direction]
Is this correct or anything more than this?
2) Can filters be explained in terms of rules? Can I say that combining rules using
the '&' operator forms a filter? For example, I identify a filter as follows:
filter 1 = rule 1 & rule 2
If I configure it like this, what does it mean? Does it make sense?
3) For example a predefined filter can be configured as follows :
TelnetIN [Src Addr/Mask] [Dest Addr/Mask] [action]
TelnetOUT [Src Addr/Mask] [Dest Addr/Mask] [action]
Can a predefined filter be combined with rules or filters using '&' operation?
Example : filter 1 = TelnetIN & rule3 & filter 1
If configured like this, does it make sense?
4) In all the above cases, if I mean '&' as a logical '&' operation, then the
packet should match all the rules and then the decision must be taken. For example:
rule 1 128.0.0.1/16 165.0.0.0/16 tcp permit in
rule 2 src.port=23 dest.port > 1023 permit in
rule 3 172.0.0.0/16 132.0.0.0/16 permit out
filter 1 = rule 1 & rule 2 (this means filter 1 = 128.0.0.1/16
16.0.0.0/16 tcp 23 >1023 permit in)
filter 2 = rule 1 & rule 3 (I feel this combination is not correct.
Is it valid?)
Then I will configure the above filters in any one of my filtering router's
interface.
Please explain all these with specific examples.
5) Are there any firewall products where the rules can be configured using the '&'
operation?
Thanks in advance,
G.kamatchi sundaram.
"You cannot discover new oceans unless you have the courage to leave the shore."
G.Kamatchi soundaram,
Software engineer,
Future Software Pvt. Ltd.,
480/481, Mount road,
Nandanam,
Chennai -600 017
Ph: 044- 4330550 ext -397.
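To make question 4 concrete, here is a small model (an added example, not part of this thread and not the behaviour of any particular firewall product) of what treating '&' as a logical AND over rules would mean. The rule fields, the comparator notation for ports ('=23', '>1023') and the helper names are assumptions chosen to mirror the notation in the question; the three rules and the sample packets are constructed from the values given above.

```python
"""Toy model of packet-filter rules combined with a logical AND.

Constructed example: the three rules mirror the ones in the question above.
A field set to None means "any"; port constraints are written as comparator
strings ('=23', '>1023', '<1024') in the author's own notation.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

PERMIT, DENY = "permit", "deny"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    direction: str  # 'in' or 'out' relative to the interface


@dataclass(frozen=True)
class Rule:
    src_net: Optional[str] = None
    dst_net: Optional[str] = None
    proto: Optional[str] = None
    sport: Optional[str] = None    # e.g. '=23'
    dport: Optional[str] = None    # e.g. '>1023'
    direction: Optional[str] = None
    action: str = PERMIT

    def matches(self, p: Packet) -> bool:
        """Every specified field must match; unspecified fields match anything."""
        return (
            (self.src_net is None or ip_address(p.src) in ip_network(self.src_net, strict=False))
            and (self.dst_net is None or ip_address(p.dst) in ip_network(self.dst_net, strict=False))
            and (self.proto is None or self.proto == p.proto)
            and _port_ok(self.sport, p.sport)
            and _port_ok(self.dport, p.dport)
            and (self.direction is None or self.direction == p.direction)
        )


def _port_ok(cond: Optional[str], port: int) -> bool:
    if cond is None:
        return True
    op, value = cond[0], int(cond[1:])
    return {"=": port == value, ">": port > value, "<": port < value}[op]


def filter_matches(rules: List[Rule], p: Packet) -> bool:
    """A filter built with '&' matches only when *all* of its rules match."""
    return all(r.matches(p) for r in rules)


def filter_action(rules: List[Rule], p: Packet) -> Optional[str]:
    """Decision for a packet: None if the filter does not apply."""
    if not filter_matches(rules, p):
        return None
    actions = {r.action for r in rules}
    if len(actions) != 1:
        raise ValueError("ANDed rules disagree on the action: %r" % sorted(actions))
    return actions.pop()


def filter_conflicts(rules: List[Rule]) -> List[str]:
    """Static check: list field constraints that no single packet can satisfy.

    An AND of rules with disjoint networks or opposite directions is a dead
    filter; this is what makes 'rule 1 & rule 3' in the question unsatisfiable.
    """
    problems = []
    for field in ("proto", "direction", "action"):
        values = {getattr(r, field) for r in rules} - {None}
        if len(values) > 1:
            problems.append("%s: %s" % (field, sorted(values)))
    for field in ("src_net", "dst_net"):
        nets = [ip_network(getattr(r, field), strict=False) for r in rules if getattr(r, field)]
        for i in range(len(nets)):
            for j in range(i + 1, len(nets)):
                if not nets[i].overlaps(nets[j]):
                    problems.append("%s: %s and %s are disjoint" % (field, nets[i], nets[j]))
    return problems


# Rules 1-3 as written in the question (constructed values).
RULE_1 = Rule(src_net="128.0.0.1/16", dst_net="165.0.0.0/16", proto="tcp", direction="in")
RULE_2 = Rule(sport="=23", dport=">1023", direction="in")
RULE_3 = Rule(src_net="172.0.0.0/16", dst_net="132.0.0.0/16", direction="out")
FILTER_1 = [RULE_1, RULE_2]   # rule 1 & rule 2
FILTER_2 = [RULE_1, RULE_3]   # rule 1 & rule 3

# Constructed sample: an inbound telnet server reply (src port 23 -> high port).
TELNET_REPLY = Packet("128.0.5.9", "165.0.7.1", "tcp", 23, 40000, "in")

if __name__ == "__main__":
    print("filter 1 on telnet reply:", filter_action(FILTER_1, TELNET_REPLY))
    print("filter 2 on telnet reply:", filter_action(FILTER_2, TELNET_REPLY))
    print("filter 2 conflicts:", filter_conflicts(FILTER_2))
```

With this reading, filter 1 permits the inbound telnet reply because both rule 1 (addresses, tcp, in) and rule 2 (ports, in) hold for it, while filter 2 can never match any packet: rule 1 and rule 3 disagree on direction and use disjoint source and destination networks, which `filter_conflicts` reports before the filter is ever installed on an interface.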
-----Original Message-----
From: Jack Dingler [SMTP:[EMAIL PROTECTED]]
Sent: Friday, October 15, 1999 5:46 AM
To: Kamatchi Sundaram
Subject: Re: Some doubts in Firewall Implementation.
Rules can be hand coded in the 'Inspect' language, but are more commonly coded using
Check Point's GUI rule base editor. Basically, rules are set up in order, and when a
packet matches a rule, an Accept, Reject or Drop occurs, allowing or disallowing that
particular communication. The rules are normally processed in ascending
order. They include specifications for sources, destinations, protocols and resources
associated with protocols.
Rules can be based on workstations, networks, and groups of both along with protocols
and ports.
Authentication and encryption are also supported, but they are beyond the scope that I'd like
to cover in e-mail.
If you have a specific scenario in mind, I could likely give you a rulebase scenario
to cover it.
Typically the '&' operator works at the 'Inspect' level and is something most admins
don't worry about.
FireWall-1 is a complex and mature product. There is only so much that can be covered
without the benefit of using the product or attending a certification class.