Re: [FW1] How many rules can exists in fw1 ?

DIGEX Grrrrrrrrrl (jgalvinschultz.cs.loyola.edu)
Tue, 22 Sep 1998 14:44:33 -0400 (EDT)

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Joseph S. D. Yao: "Re: Penetration testing via shrinkware"
• Previous message: Jason L. Snowden: "Re: FW-1: Questions about DHCP and IPX"
• Maybe in reply to: Jim Hebert: "FW-1: Questions about DHCP and IPX"

What do you mean exeption? How and why does the stateful inspection
module treat them differently?

Well, in any case, that would explain it....

Regards,
Jennifer Galvin

>
> Nope, not in the case of encryption rules, which are an exception to the
> 'first fit' model.
>
> >I was under the impression that it looked at the properties first, that
> >is where the rule 0 comes from and then the order of the rules. Anytime
> >that I have used the fw-1 and tried to setup conflicting rules, the
> >verify portion has always bombed.
> >
> >- Deepak
> >
> >Jennifer Galvin wrote:
> >>
> >> That's how it was explained to me in class. Plus, if you have a rule that
> >> requires encryption between two hosts, and then later on it allows no
> >> encryption between two hosts, FW1 will then pick the rule with less
> >> security, even though it comes after the 1st rule.
> >
>
>

• Next message: Joseph S. D. Yao: "Re: Penetration testing via shrinkware"
• Previous message: Jason L. Snowden: "Re: FW-1: Questions about DHCP and IPX"
• Maybe in reply to: Jim Hebert: "FW-1: Questions about DHCP and IPX"

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:47 CDT