Re: [FW-1] Question on creating a rule
If I understand your question correctly, this is what the "stateful" in "stateful inspection" takes care of. (I believe it's actually a bit more thorough than just "established", checking for instance that sequence numbers make sense and so on, to limit session hijacking and man-in-the-middle attacks.)

When the firewall sees the exchange which sets up a session between client and server (assuming it has a rule which allows client to contact server for this service), it adds a temporary entry to a table of current sessions. It will recognize (and permit) the subsequent traffic that makes up the session -- and drop it when the session ends.

[In contrast, the router "established" criterion may look only at whether the current packet has the SYN flag unset, and so may be sidestepped by deliberately crafted packets.]

David Gillett

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[email protected]] On Behalf Of Dalila Despinos
Sent: Monday, August 05, 2002 10:35 AM
To: [email protected]
Subject: [FW-1] Question on creating a rule

Hello,

I'm sort of new to CP. I know how to create a rule that will allow any IP to a web app I'm running on an internal box, but I don't know how to create it specific to 'only for established connections'.

Any help would be appreciated.

Dalila Despinos
Software Support Team, Inc.
3900 Woodlake Boulevard, Suite #200
Lake Worth, FL 33411
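The contrast drawn in the reply above, as an added example that is not part of the original thread and is not Check Point's or any router's code: a toy session table next to a per-packet flag test, run over the same constructed packet trace. Assumptions of this sketch: the flag test is modelled as "not a bare SYN", teardown is simplified to forgetting the session on the first FIN or RST, sequence numbers are not tracked, and all names and addresses are made up.

```python
from collections import namedtuple

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10          # TCP flag bits
Packet = namedtuple("Packet", "src sport dst dport flags")

def stateless_established(pkt):
    """Per-packet flag test: anything that is not a bare SYN counts as 'established'."""
    return (pkt.flags & (SYN | ACK)) != SYN

class StatefulFilter:
    """Toy session table keyed by (client, cport, server, sport); no sequence checks."""
    def __init__(self, allowed_services):
        self.allowed = allowed_services   # {(server_ip, port)} the rule base permits
        self.sessions = {}                # session key -> handshake state

    def accept(self, pkt):
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.flags == SYN and fwd not in self.sessions:
            if (pkt.dst, pkt.dport) not in self.allowed:
                return False              # no rule lets this client open a session
            self.sessions[fwd] = "SYN_SEEN"
            return True
        key = fwd if fwd in self.sessions else rev
        state = self.sessions.get(key)
        if state is None:
            return False                  # no table entry: belongs to no session
        if pkt.flags & (RST | FIN):       # simplified teardown: forget the session
            del self.sessions[key]
            return True
        if state == "SYN_SEEN" and key == rev and pkt.flags == SYN | ACK:
            self.sessions[key] = "SYNACK_SEEN"
            return True
        if state == "SYNACK_SEEN" and key == fwd and pkt.flags == ACK:
            self.sessions[key] = "ESTABLISHED"
            return True
        return state == "ESTABLISHED" and not pkt.flags & SYN

def replay(packets, allowed_services):
    """Return (stateless verdict, stateful verdict) for each packet, in order."""
    fw = StatefulFilter(allowed_services)
    return [(stateless_established(p), fw.accept(p)) for p in packets]

# Constructed trace (documentation addresses): C opens a session to web server S,
# unrelated host X sends a lone ACK, C resets, then one more ACK arrives from C.
C, S, X = "198.51.100.7", "192.0.2.10", "203.0.113.9"
TRACE = [Packet(C, 40000, S, 80, SYN), Packet(S, 80, C, 40000, SYN | ACK),
         Packet(C, 40000, S, 80, ACK), Packet(X, 40001, S, 80, ACK),
         Packet(C, 40000, S, 80, RST), Packet(C, 40000, S, 80, ACK)]

if __name__ == "__main__":
    for pkt, verdicts in zip(TRACE, replay(TRACE, {(S, 80)})):
        print(pkt, "stateless=%s stateful=%s" % verdicts)
```

The fourth and sixth packets pass the flag test but match no session entry, so only the stateful filter drops them.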