If you create an ICMP service and use this as the match statement:
icmp_type=ICMP_UNREACH and icmp_code=4
then you will be able to filter on the need fragmentation ICMPs.
This would work for other codes as well.
---------------------------------------------------------------------
Jason Gross
Network & Communications Services
Platform Engineering & Operations Services
United Space Alliance
[EMAIL PROTECTED]
V: (321) 799-6601 F: (321) 799-5970
-----Original Message-----
From: hermit1 [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 20, 2000 12:05 PM
To: Ameet Chaubal; [EMAIL PROTECTED]
Subject: Re: [FW1] FW1 ICMP fragmentation needed subtype
If you find out, please let me know. I ended up using the dest-unreachable
service, which appears to let all type 3 codes through, not what I really
wanted.
hermit1
At 09:57 AM 7/20/00 -0400, Ameet Chaubal wrote:
>Hi all
>
>I am using Checkpoint FW 1
>How do I make a rule to allow ICMP Destination Unreachable subtype
>"Fragmentation Needed # 4" to go thr'.
>Checkpoint does not seem to let me specify subtypes.
>
>Thanks
>
>ameet
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
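An added example, not part of the original thread and not FireWall-1 syntax: a Python sketch contrasting a type-only destination-unreachable match with the type-and-code condition from the reply above, and reading the RFC 1191 next-hop MTU from the matched message. The function names and sample messages are assumptions constructed for illustration.

```python
import struct

ICMP_UNREACH = 3          # ICMP type 3: Destination Unreachable (RFC 792)
ICMP_CODE_NEEDFRAG = 4    # code 4: fragmentation needed and DF set

def inet_checksum(data):
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type, code, rest=b"\x00" * 4, payload=b"\x00" * 28):
    """Constructed sample message: 8-byte ICMP header plus a dummy payload."""
    body = struct.pack("!BBH", icmp_type, code, 0) + rest + payload
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def parse_icmp(msg):
    """Return (type, code, second header word); reject short or corrupt input."""
    if len(msg) < 8 or inet_checksum(msg) != 0:
        raise ValueError("truncated ICMP message or bad checksum")
    icmp_type, code, _csum, rest = struct.unpack("!BBHI", msg[:8])
    return icmp_type, code, rest

def broad_rule(msg):
    """Type-only match: accepts every Destination Unreachable code."""
    return parse_icmp(msg)[0] == ICMP_UNREACH

def narrow_rule(msg):
    """Same condition as: icmp_type=ICMP_UNREACH and icmp_code=4."""
    icmp_type, code, _ = parse_icmp(msg)
    return icmp_type == ICMP_UNREACH and code == ICMP_CODE_NEEDFRAG

def next_hop_mtu(msg):
    """RFC 1191 next-hop MTU (low 16 bits of word 2), or None if not code 4."""
    return parse_icmp(msg)[2] & 0xFFFF if narrow_rule(msg) else None

# Constructed samples (not captured traffic).
SAMPLES = {
    "frag-needed, MTU 1400": build_icmp(3, 4, struct.pack("!HH", 0, 1400)),
    "host unreachable":      build_icmp(3, 1),
    "port unreachable":      build_icmp(3, 3),
    "echo request":          build_icmp(8, 0, struct.pack("!HH", 0x1234, 1)),
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        print(label, broad_rule(msg), narrow_rule(msg), next_hop_mtu(msg))
```

A next-hop MTU of 0 in a code 4 message means the sending router predates RFC 1191 and did not fill in the field.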