RE: [FW1] Any-->does this include....
> -----Original Message-----
> From: [email protected] [mailto:[email protected]]
> Sent: Friday, February 09, 2001 8:47 AM
>
> Correct me if I am wrong, but I think allowing ICMP is part of the policy properties.
>
> I apologize if I am wrong here, I don't have a FW-1 box in front of me right now.
>
> The email that I replied to said that any any any accept was = a router.
>
> This is FAR from the truth. (Although I wish it was the truth)

I don't have that email anymore, but I think the poster was trying to say that Any-Any-Any does not impose any access control restrictions based on source and destination address, and service/protocol. So in essence, yeah, it would behave like a router if routing is allowed on the box and no address translation rules are in effect.

Any as a service includes more than just ICMP. ICMP in the policy allows a subset of the ICMP protocol such as echo, reply, traceroute etc. But there are more IP protocols besides ICMP, TCP and UDP. If you were to allow inbound traffic to a PPTP server for example, you would have a rule that specifies src-dst-GRE, which would allow the GRE protocol (IP protocol 47) to pass through. IPSec is another IP protocol. As far as I know, using any will allow GRE, IPSec and other IP protocols through. So the statement of TCP/UDP high ports was incorrect (what about TCP/UDP low ports? ;)

Any is more like any any day if anyone cares anymore anyway...

Regards,
Frank
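The point made in the message above, that a service of Any matches on the IP protocol field and so admits GRE and IPSec as well as TCP, UDP and ICMP, shown as an added example that is not part of the original post and is not FireWall-1's rule format. The rule dictionaries, rule names and sample addresses are hypothetical; ESP (50) and AH (51) are the IP protocol numbers IPSec uses.

```python
import struct

# IANA-assigned IP protocol numbers for the protocols named in the post.
IP_PROTO = {"ICMP": 1, "TCP": 6, "UDP": 17, "GRE": 47, "ESP": 50, "AH": 51}
NAMES = {num: name for name, num in IP_PROTO.items()}

def ipv4_header(proto, src="192.0.2.10", dst="198.51.100.20"):
    """Build a minimal 20-byte IPv4 header (constructed sample, checksum left 0)."""
    pack_ip = lambda ip: bytes(int(octet) for octet in ip.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       pack_ip(src), pack_ip(dst))

def ip_protocol(packet):
    """Return the protocol field (byte 9) of an IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return packet[9]

def first_match(rules, packet):
    """First-match evaluation on the service column only; implicit drop at the end."""
    proto = ip_protocol(packet)
    for rule in rules:
        if rule["service"] == "any" or proto in rule["service"]:
            return rule["name"], rule["action"]
    return "implicit-drop", "drop"

def admitted(rules):
    """Names of the sample protocols that the rule base accepts."""
    return sorted(NAMES[p] for p in NAMES
                  if first_match(rules, ipv4_header(p))[1] == "accept")

# Hypothetical rule bases: one enumerates services, the other uses Any.
EXPLICIT = [{"name": "tcp-udp-icmp", "service": {1, 6, 17}, "action": "accept"}]
ANY_RULE = [{"name": "any-any-any", "service": "any", "action": "accept"}]

if __name__ == "__main__":
    print("explicit:", admitted(EXPLICIT))
    print("any:     ", admitted(ANY_RULE))
```

Running the same comparison over an exported rule base is a quick way to find rules whose service column admits more IP protocols than the services the rule was written for.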