You can add an entry to the user.def that will allow out of state packets
for one service. Her is the example for http from the documentation.
deffunc user_accept_non_syn() {
( /* allow only non-http connections to start with a non-SYN packet */
(dport!=80, sport!=80) or 0
)
};
You should be able to use the same text but replace with port 23.
I hope that helps.
-Scott
On 3/2/07, Pedro Boavida <pboavida AT cesce DOT pt> wrote:
Hi,
Is the telnet the only service you have defined for tcp/23 ?
Once the tcp session is established, I believe there are no different
timeouts for each kind of subsequent packet.
Best regards,
PB
-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:
FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of pkc_mls
Sent: sexta-feira, 2 de Março de 2007 13:35
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: Re: [FW-1] telnet timeout : tcp packet out of state
Matthias Leu a écrit :
> Hi,
> you can adapt the timeout per service.
> Have a look at the object representing the service and select
> 'Advanced'. Here you can chose an individual timeout for e.g. telnet.
> Hope it helps,
> best regards,
> Matthias
>
I already tried to modify the timeout for telnet, without success.
the issue comes from the push-ack, and I don't think there is a specific
timeout for this type of packets.
___________________________________________________________________________
Yahoo! Mail réinvente le mail ! Découvrez le nouveau Yahoo! Mail et son
interface révolutionnaire.
http://fr.mail.yahoo.com
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to
LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options,
email fw-1-owner AT ts.checkpoint DOT
com=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
|
