I've just upgraded to CP2000, and I since I was at it, I used the
opportunity to
clean up my rulebase a little.
I threw out all the implied rules and set what was needed back up
"manually".
I thought I'd seen the answer to this on the list once, but I haven't been
able to find it in the archives.
Here's the question:
In adding rules to allow ping / traceroute, I added a rule to allow incoming
ICMP dest-unreachable, echo-reply and time-exceeded.
Now why a time-exceeded message? This goes to how traceroute
works, I suppose.
I'm guessing that traceroute sends out packets with an increasing TTL,
until an echo-reply from the destination comes back. Is this correct?
Cheers,
Anders RM :)
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
