From: man.postman on 16 Feb 2005 00:00

Does anybody know the default deny rules in checkpoint firewall? Looks like, by default it does not allow all traffic. How can I find out what all gets blocked by default?

thanks.
From: Greg Hennessy on 16 Feb 2005 05:29

On 15 Feb 2005 21:00:26 -0800, man.postman(a)gmail.com wrote:

>Does anybody know the default deny rules in checkpoint firewall?

It's a 'default deny', what do you think it does.

> Looks like, by default it does not allow all traffic.

Like Duh.

>How can I find out what
>all gets blocked by default?

If you've crafted the policy properly the last rule will do that for you.

greg

-- 
Yeah - straight from the top of my dome
As I rock, rock, rock, rock, rock the microphone
From: Greg Hennessy on 16 Feb 2005 09:23

On 16 Feb 2005 05:35:03 -0800, "Munpe Q" <funyon(a)gmail.com> wrote:

>Dude, the default policy that denies ANY is the same on any firewall
>man. It's ANY protocol and ANY port on said ANY protocol. Got ANY
>idea what you are doing?

I assume you really meant to reply to the OP.

greg

-- 
Yeah - straight from the top of my dome
As I rock, rock, rock, rock, rock the microphone
From: Brian Scottberg on 16 Feb 2005 09:50

In NG, each service defined in the GUI has an option labeled "Match for Any" in the advanced properties. If this property is checked, the service will be included in "Any." Services that do not have this checked will not be included in the "Any" definition.

The following is a non-exhaustive list of services in FireWall-1 4.1 and earlier that will require explicit rules with the explicit service to be allowed correctly (i.e. "any" will not allow these services), which was derived from a cursory look at the INSPECT files included in $FWDIR/lib:

a. FTP
b. RPC
c. sunRSH
d. REXEC
e. VDLLive
f. Real Audio
g. RTSP
h. SQL*Net2
i. FreeTel
j. CoolTalk
k. H.323
l. NetShow
m. Winframe
n. Backweb
o. IIOP
p. CVP
q. RTSP
r. X11

Does this answer your question?

<man.postman(a)gmail.com> wrote in message news:1108530026.721318.91620(a)c13g2000cwb.googlegroups.com...
> Does anybody know the default deny rules in checkpoint firewall? Looks
> like, by default it does not allow all traffic. How can I find out what
> all gets blocked by default?
>
> thanks.
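Added illustration (not from the thread and not Check Point code): a toy first-match rulebase in Python that models the two points made above, namely that the "Match for Any" flag decides which services a rule's "Any" service covers, and that an explicit final cleanup rule is what drops and logs everything the earlier rules did not accept. The service catalogue, address labels, rule names and the assumption that the cleanup rule's "Any" obeys the same flag are all constructed for the example.

```python
"""Toy first-match rulebase modelling "Match for Any" and the cleanup rule.
Added illustration, not Check Point code; every service, rule and address
label below is constructed, and matching is by plain string label."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    name: str
    proto: str                   # "tcp" or "udp"
    port: int
    match_for_any: bool = True   # the GUI's "Match for Any" checkbox


# Constructed catalogue. FTP and X11 carry match_for_any=False to mirror the
# thread's claim that such services need an explicit rule.
SERVICES = {
    "http": Service("http", "tcp", 80),
    "ssh": Service("ssh", "tcp", 22),
    "ftp": Service("ftp", "tcp", 21, match_for_any=False),
    "x11": Service("x11", "tcp", 6000, match_for_any=False),
    "netbios-ns": Service("netbios-ns", "udp", 137),
}


@dataclass(frozen=True)
class Rule:
    src: str        # "any" or a plain address label (no CIDR maths in this toy)
    dst: str
    service: str    # a SERVICES key or "any"
    action: str     # "accept" or "drop"
    log: bool = True
    name: str = ""


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


def services_excluded_from_any():
    """Names of services that a rule with service 'Any' will never match."""
    return sorted(s.name for s in SERVICES.values() if not s.match_for_any)


def service_matches(rule_service, pkt):
    if rule_service == "any":
        # "Any" covers every port except those belonging to a service whose
        # Match for Any flag is cleared; such packets fall through this rule.
        return not any(
            s.proto == pkt.proto and s.port == pkt.dport and not s.match_for_any
            for s in SERVICES.values()
        )
    s = SERVICES[rule_service]
    return s.proto == pkt.proto and s.port == pkt.dport


def evaluate(rulebase, pkt):
    """Walk the rulebase top-down; return (action, rule name, logged?)."""
    for r in rulebase:
        if r.src != "any" and r.src != pkt.src:
            continue
        if r.dst != "any" and r.dst != pkt.dst:
            continue
        if not service_matches(r.service, pkt):
            continue
        return r.action, r.name, r.log
    # Fell off the end: the implicit drop, which shows up in no log.
    return "drop", "<implicit>", False


# Constructed policy: a permissive "Any" rule towards a web host, then the
# explicit cleanup rule Greg alludes to ("the last rule will do that for you").
POLICY = [
    Rule("any", "dmz-web", "any", "accept", name="web-any"),
    Rule("any", "any", "any", "drop", log=True, name="cleanup"),
]

# Same policy with the explicit FTP rule Brian says is needed.
POLICY_WITH_FTP = [Rule("any", "dmz-web", "ftp", "accept", name="ftp-explicit")] + POLICY


if __name__ == "__main__":
    print("excluded from Any:", services_excluded_from_any())
    for pkt in (Packet("10.0.0.5", "dmz-web", "tcp", 80),
                Packet("10.0.0.5", "dmz-web", "tcp", 21)):
        print(pkt.dport, "->", evaluate(POLICY, pkt), evaluate(POLICY_WITH_FTP, pkt))
```

Under this model HTTP to dmz-web is accepted by the "Any" rule, while FTP to the same host matches neither the "Any" accept rule nor the "Any" cleanup rule and lands on the unlogged implicit drop; only the explicit FTP rule lets it through, which is the behaviour Brian's list warns about.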
From: Greg Hennessy on 17 Feb 2005 18:25
On 17 Feb 2005 13:59:03 -0800, "smooter" <smooter(a)gmail.com> wrote:

>Short note on the "drop noisy traffic" reference above (i.e. NBT),
>don't log that traffic either!

A sensible measure regardless of firewall tech used, e.g.

  ~ # cat /etc/pf-nbt.conf
  Ext="fxp1"
  RPC_NBT="{ epmap, netbios-ns, netbios-dgm, netbios-ssn, microsoft-ds }"
  # Explicitly drop NBT on external interface
  block quick on $Ext inet proto {tcp,udp} from any to any port $RPC_NBT

is what I use here.

>Nothing worse than sorting through a log and having to change the
>filter criteria all the time because there is so much NBT/etc. noise
>going on that you can't see the results of what you're testing.

It's pointless logging it in the 1st place, log sizes explode if you do. It's bad enough in some environments having to logswitch hourly to handle volumes without making the problem worse.

>However, one should really get used to setting up and using the filters
>in Checkpoint log viewer tools! Once you do, you will wish you had
>used the filters before!

Give CKP their due, they are in a class of their own w.r.t. interactive log analysis on the fly. The tool is that quick and useful.

greg

-- 
Yeah - straight from the top of my dome
As I rock, rock, rock, rock, rock the microphone
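Added illustration (not from the thread, not pf or Check Point code): a Python filter over a few constructed firewall log lines that separates hits on the ports behind Greg's RPC_NBT macro from everything else, so the handful of records that matter are visible and the volume the noise would add is counted. The log line format, addresses and the port-to-name mapping are constructed for the example.

```python
"""Split constructed firewall log lines into NBT/RPC noise and the rest.
Added illustration, not pf or Check Point code; the log format below is
invented for the example and the port numbers are the usual /etc/services
values for the names in Greg's RPC_NBT macro."""

from collections import Counter

# Ports behind Greg's RPC_NBT macro, keyed by port number.
NOISE_PORTS = {135: "epmap", 137: "netbios-ns", 138: "netbios-dgm",
               139: "netbios-ssn", 445: "microsoft-ds"}

# Constructed sample, loosely mimicking a text export of a firewall log:
# time action proto src dst dport
SAMPLE_LOG = """\
18:01:02 drop udp 192.0.2.10 198.51.100.1 137
18:01:02 drop udp 192.0.2.11 198.51.100.1 138
18:01:03 drop tcp 192.0.2.12 198.51.100.1 445
18:01:03 drop tcp 192.0.2.13 198.51.100.1 139
18:01:04 accept tcp 203.0.113.7 198.51.100.2 80
18:01:04 drop tcp 192.0.2.14 198.51.100.1 135
18:01:05 drop tcp 203.0.113.9 198.51.100.2 21
18:01:05 accept tcp 203.0.113.7 198.51.100.2 443
"""


def parse_line(line):
    """Turn one whitespace-separated log line into a record dict."""
    t, action, proto, src, dst, dport = line.split()
    return {"time": t, "action": action, "proto": proto,
            "src": src, "dst": dst, "dport": int(dport)}


def split_noise(log_text):
    """Return (kept_records, noise_count) after removing NOISE_PORTS hits."""
    kept, noise = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["dport"] in NOISE_PORTS:
            noise += 1          # would never have been written with a silent drop
        else:
            kept.append(rec)
    return kept, noise


def noise_breakdown(log_text):
    """Count noise hits per service name, as a log viewer filter would show."""
    counts = Counter()
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            if rec["dport"] in NOISE_PORTS:
                counts[NOISE_PORTS[rec["dport"]]] += 1
    return dict(counts)


if __name__ == "__main__":
    kept, noise = split_noise(SAMPLE_LOG)
    print(f"{noise} noise records hidden, {len(kept)} kept:")
    for rec in kept:
        print(rec)
    print(noise_breakdown(SAMPLE_LOG))
```

On the sample five of the eight records are NBT/RPC noise; a silent block rule like Greg's would have kept them out of the log entirely, which is the point of not logging them in the first place.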