Defining service for IP Protocol 53 In FireWall-1 NG, you can create a service of type other and specify the IP Protocol number in the service. Click on the "Advanced" portion of the definition to define whether or not reply packets are permitted on this service.
In FireWall-1 4.1 and earlier, you will need to be familiar with INSPECT. The syntax used in the 'Match:' box is that of INSPECT. One such example of a generic service called 'traceroute'
udp, uh_dport > 33000, ip_ttl < 30
The match string above means: the 'traceroute' service object matches any packet:
- of type UDP
- the field 'uh_dport' is greater than 33000
- the ip_ttl is less than 30
'uh_dport' and 'ip_ttl' are defined in $FWDIR/lib/tcpip.def.
If you wish to define new generic service object of ip protocol number 53 in FireWall-1 4.1 and earlier:
- Create a new service object of type 'generic' or 'other'
- For 'Match' string, use: ip_p = 53
This means match any packet that has ip protocol number 53. The macro 'ip_p' is defined in lib/tcpip.def.
--
GuyR - 18 Jan 2004
FAQForm FAQs.Class:
ServicesFAQs FAQs.OS: FAQs.Version:
Defining service for IP Protocol 53 
2005-08-12 
Defining service for IP Protocol 53 
Linear Mode
