Hi,
        1) Can you explain to me how a rule can be configured? What are the parameters
required to identify a rule? For example, I have identified a rule as follows:

rule #  [Src Addr/Mask]  [Dest Addr/Mask]  [Protocol]  [Src Port]  [Dest Port]
[AckBit]  [IP Options]  [Fragmentation]  [Action]  [Direction]

        Is this correct, or is there anything more than this?


        2) Can filters be explained in terms of rules? Can I say that combining rules using
the '&' operator forms a filter? For example, I identify a filter as follows:

        filter 1 = rule 1 & rule 2  

        If I configure it like this, what does it mean? Does it make sense?

        3) For example, a predefined filter can be configured as follows:

                TelnetIN    [Src Addr/Mask]  [Dest Addr/Mask]  [Action]
                TelnetOUT   [Src Addr/Mask]  [Dest Addr/Mask]  [Action]

        Can a predefined filter be combined with rules or filters using '&' operation?

        Example:   filter 1 = TelnetIN & rule3 & filter 1

        If configured like this, does it make sense?

        4) In all the above cases, if I mean '&' as a logical '&' operation, then the
packet should match all the rules, and only then must the decision be taken. For example:

                rule 1    128.0.0.1/16    165.0.0.0/16    tcp    permit    in
                rule 2    src.port=23     dest.port > 1023       permit    in
                rule 3    172.0.0.0/16    132.0.0.0/16           permit    out
                filter 1 = rule 1 & rule 2  (this means filter 1 = 128.0.0.1/16
16.0.0.0/16  tcp  23  >1023  permit  in)
                filter 2 = rule 1 & rule 3  (I feel this combination is not correct.
Is it valid?)

        Then I will configure the above filters on any one of my filtering router's
interfaces.

        Please explain all these with specific examples.
 
        5) Are there any firewall products where the rules can be configured using the '&'
operation?
        
Thanks in advance,
G.kamatchi sundaram.


"You cannot discover new oceans unless you have the courage to leave the shore."
G.Kamatchi soundaram,
Software engineer,
Future Software Pvt. Ltd.,
480/481, Mount road,
Nandanam,
Chennai -600 017
Ph: 044- 4330550 ext -397.

-----Original Message-----
From:   Jack Dingler [SMTP:[EMAIL PROTECTED]]
Sent:   Friday, October 15, 1999 5:46 AM
To:     Kamatchi Sundaram
Subject:        Re: Some doubts in Firewall Implementation.

Rules can be hand coded in the 'Inspect' language, but are more commonly coded using 
Check Point's GUI rule base editor.  Basically, rules are set up in order, and when a 
packet matches a rule, an Accept, Reject or Drop occurs, allowing or disallowing that 
particular communication.  The rules are normally processed in ascending
order.  They include specifications for sources, destinations, protocols and resources 
associated with protocols.

Rules can be based on workstations, networks, and groups of both along with protocols 
and ports.

Authentication and encryption are also supported but are beyond the scope that I'd like
to cover in email.

If you have a specific scenario in mind, I could likely give you a rulebase scenario
to cover it.

Typically the '&' operator works at the 'Inspect' level and is something most admins 
don't worry about.

FireWall-1 is a complex and mature product.  There is only so much that can be covered 
without the benefit of using the product or attending a certification class.
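As an added illustration (not from either post), a small Python model of what item 4 of the question asks about and of the ordered, first-match evaluation Jack describes: rules as field constraints, '&' as logical conjunction with a check for constraints no packet can satisfy at once, and a rulebase evaluated in order. The field names, the constraint encoding and the sample packet are assumptions made for the example, not any product's syntax.

```python
import ipaddress

# A rule maps a field name to a constraint: ("net", network), ("eq", value) or ("gt", n).
def net(cidr):
    return ("net", ipaddress.ip_network(cidr, strict=False))

def satisfies(constraint, value):
    kind, arg = constraint
    if kind == "net":
        return ipaddress.ip_address(value) in arg
    if kind == "eq":
        return value == arg
    if kind == "gt":
        return value > arg
    raise ValueError(f"unknown constraint kind {kind!r}")

def conj(*rules):
    """'&' as logical AND: every constraint of every rule must hold.
    Returns None when two rules constrain one field in mutually exclusive ways,
    which is the situation in the question's 'filter 2 = rule 1 & rule 3'."""
    merged = {}
    for rule in rules:
        for field, c in rule.items():
            for old in merged.get(field, []):
                if old[0] == c[0] == "net" and not old[1].overlaps(c[1]):
                    return None  # disjoint address ranges: no packet can be in both
                if old[0] == c[0] == "eq" and old[1] != c[1]:
                    return None  # e.g. direction 'in' and 'out' required at once
            merged.setdefault(field, []).append(c)
    return merged

def matches(filt, pkt):
    return all(satisfies(c, pkt[f]) for f, cs in filt.items() for c in cs)

def first_match(rulebase, pkt, default="drop"):
    """Ordered evaluation: the first filter that matches decides the action;
    a packet matching nothing gets the default (constructed here as 'drop')."""
    for filt, action in rulebase:
        if matches(filt, pkt):
            return action
    return default

# The three rules from item 4 of the question (match fields only; action kept separately).
RULE1 = {"src": net("128.0.0.1/16"), "dst": net("165.0.0.0/16"),
         "proto": ("eq", "tcp"), "dir": ("eq", "in")}
RULE2 = {"sport": ("eq", 23), "dport": ("gt", 1023), "dir": ("eq", "in")}
RULE3 = {"src": net("172.0.0.0/16"), "dst": net("132.0.0.0/16"), "dir": ("eq", "out")}

FILTER1 = conj(RULE1, RULE2)  # satisfiable: inbound tcp, sport 23, dport > 1023, given nets
FILTER2 = conj(RULE1, RULE3)  # None: 'in' vs 'out' and disjoint source networks

# Constructed sample packet: a telnet server reply arriving on the inside interface.
PKT = {"src": "128.0.5.9", "dst": "165.0.1.2", "proto": "tcp",
       "sport": 23, "dport": 40000, "dir": "in"}
```

Running `first_match([(FILTER1, "permit")], PKT)` yields "permit", while a packet that fails any single constraint (for example `dport=80`) falls through to the default.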




