If you need a rule that affects traffic to an from a particular interface you can create an object just with that interface IP but don't check it off as a firewall, then just use it in a rule. This work OK for things like accepting things like routing updates _at the firewall_. It does not work for objects that are not part of the firewall. Occasionally this trick creates problems when applying the policy when the object is created in objects.C file ahead of the firewall object. Delete and re-create trying a different name or just hoping.
Usually you should not have to do something like that unless your network has loops and other problems. You should also make the extra effort to have specific well defined rules. IMHO, using a generic rule and then trying to apply it to an interface makes for sloppy configurations. You should also have anti spoofing turned on. Adam ----- Original Message ----- From: "Security" <[EMAIL PROTECTED]> To: "Hiemstra, Brenno" <[EMAIL PROTECTED]>; "'Fransiscus Ruswahyudi'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Saturday, November 24, 2001 4:19 AM Subject: Re: Checkpoint FW-1 Rules > Couldn't you create an object for that interface and use the 'Install On' > column? > > ----- Original Message ----- > From: "Hiemstra, Brenno" <[EMAIL PROTECTED]> > To: "'Fransiscus Ruswahyudi'" <[EMAIL PROTECTED]>; > <[EMAIL PROTECTED]> > Sent: Friday, November 23, 2001 9:17 AM > Subject: RE: Checkpoint FW-1 Rules > > > > afaik that's not possible in CP FW1 (not a very good thing unfortunately) > > > > > -----Original Message----- > > > From: Fransiscus Ruswahyudi [SMTP:[EMAIL PROTECTED]] > > > Sent: vrijdag 23 november 2001 8:37 > > > To: [EMAIL PROTECTED] > > > Subject: Checkpoint FW-1 Rules > > > > > > Hello there! > > > > > > I'm using Checkpoint FW-1, > > > I have no idea about how to bind a rule only for > > > particular interface (not on all interfaces)? > > > > > > Warm Regards > > > Ruswahyudi > > > > > > > > > __________________________________________________ > > > Do You Yahoo!? > > > Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. > > > http://geocities.yahoo.com/ps/info1 > > > _______________________________________________ > > > Firewalls mailing list > > > [EMAIL PROTECTED] > > > http://lists.gnac.net/mailman/listinfo/firewalls > > _______________________________________________ > > Firewalls mailing list > > [EMAIL PROTECTED] > > http://lists.gnac.net/mailman/listinfo/firewalls > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls > _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
