CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3.
2. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Services
Blocking ICMP packets of a particular length Blocking ICMP packets of a particular length
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2005-08-12
Administrator
  
Join Date: 2005-08-11
Location: San Francisco, CA
Posts: 582
Rep Power: 10
BarryStiefel has disabled reputation
Default Blocking ICMP packets of a particular length
Blocking ICMP packets of a particular length



As from FireWall-1 NG FP3 SmartDefense blocks by default ICMP packets exceeding 64 bytes in size.

In previous versions you had to define a service of type Other. Put the following in the match field:

icmp, ip_len > 100

If using NG, set the protocol number to 1 and only put:

ip_len > 100

in the match field.

This will match any ICMP packets greater than 100 bytes in length (including headers). Create a rule with this new service to drop the packet.

-- GuyR - 18 Jan 2004

FAQForm FAQs.Class: ServicesFAQs FAQs.OS: FAQs.Version:
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


All times are GMT -7. The time now is 14:37.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.4
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.2.0