At 08:35 AM 9/29/2005, Maurit Pereira Fagundes wrote:
> Hello all,
> In global properties there is an option: Accept ICMP requests. I want to
> avoid that people in internet ping and run the traceroute command against
> my dmz servers.
> What is the better way to do this? Disabling this option in global
> properties or creating a rule base to do this? If I create a rule base I
> must disable this option in rule base?

I create a group called icmp_allow that contains echo request,
time-exceeded, and dest-unreach. All the rest of the icmp services go into
a group called icmp_deny. This way I can allow ping and traceroutes
outbound and deny them inbound.
HTH,
-- Joe