Firewall Wizards mailing list archives
RE: meaning of "both" in a filter statement
From: john madincea <JMadincea () compuserve com>
Date: Tue, 28 Jul 1998 19:53:58 -0400
Hal, there may be other vendor products using this operand; however, I've only seen it used within the IBM firewall (formerly called Secured Network Gateway). Its context within this package is used in two ways.

The first describes which interface the rule is permitted or denied on. An example using "both" might include allowing users from the unsecure (Internet) and secured (your WAN) interfaces to HTTP to a web server in the DMZ off a third interface. Therefore, it allows you to write fewer rules. You have to weigh whether its conciseness is more useful than writing more rules. If you were ever exposed to C code you'll know what I mean: some people write code and document it very well, while others try to condense it, making it harder to understand and maintain.

The second use has to do with the routing of the packet. In this case the packet can be destined for the firewall or some other host. Suppose a service (like telnet) is running on a remote host that your internal clients want to connect to. Suppose for some reason that you as the administrator also need to telnet to this host. In this case you can create generic rules that allow the responses from the remote host to reach your firewall (your sessions) and the internal client sessions. In this case, if you did not use "both", you would have to write more rules to allow this to happen. The pros and cons are similar to the HTTP example above.

Please note that I am not advocating that you utilize this feature, as I have found that it's best to explicitly write more rules that are easier to maintain. Give consideration to your peers and anyone that may perform your job in the future. You also have to consider all of the other operands being used too.
Good Luck,
John Madincea

-------------Forwarded Message-----------------
From: Hal <hal () mrj com>
To: firewall-wizards () nfr net
Subject: meaning of "both" in a filter statement
Date: Mon, 27 Jul 1998 11:01:33 -0700

This is something of a newbie question, but I wonder if anyone can set me straight on it: Many firewalls have rules in the form (action, interface, source, source-port, destination, dest-port), where action is the usual permit/deny, interface is outside or inside, and source and destination are what they say and permit wildcards (subnets). OK. My question is this. On some firewalls the interface spec also includes (besides terms for inside, outside, 3rd) a term "both". That means apply the permit/deny on traffic appearing at both inside (trusted) and outside (Internet) interfaces. This at first glance seems absurd. It means that traffic going to D from S can move in either direction across the FW. A very unusual arrangement with almost no uses. Obviously there must be a more reasonable explanation. Has anyone found an explanation for what "both" really does?

Regards,
Hal
hal () mrj com
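The two uses of "both" that John describes (interface and packet routing) can be made concrete with a small rule evaluator. This is an added example, not code from the list or from the IBM firewall; the rule model, field names, and addresses are assumptions chosen for illustration and are not the product's syntax. It shows that a single rule using "both" is exactly equivalent to the explicit rules it stands for (which is what you would write instead if you follow John's advice), and that a routing "both" rule admits the reply-to-the-firewall packets that a routed-only rule would drop.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from itertools import product
from typing import List, Optional

# Assumed, simplified model (NOT the IBM Firewall / SNG syntax): a rule has
# the two axes on which the post says "both" can appear.
INTERFACES = ("secure", "nonsecure")   # interface the packet arrives on
ROUTINGS = ("route", "local")          # "local" = destined to the firewall itself


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    interface: str         # "secure", "nonsecure" or "both"
    routing: str           # "route", "local" or "both"
    src: str               # CIDR
    dst: str               # CIDR
    dport: Optional[int]   # None = any destination port


@dataclass(frozen=True)
class Packet:
    interface: str
    routing: str
    src: str
    dst: str
    dport: int


def expand_both(rule: Rule) -> List[Rule]:
    """Rewrite one rule that uses 'both' into the explicit rules it stands for."""
    ifaces = INTERFACES if rule.interface == "both" else (rule.interface,)
    routings = ROUTINGS if rule.routing == "both" else (rule.routing,)
    return [Rule(rule.action, i, r, rule.src, rule.dst, rule.dport)
            for i, r in product(ifaces, routings)]


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.interface != "both" and rule.interface != pkt.interface:
        return False
    if rule.routing != "both" and rule.routing != pkt.routing:
        return False
    if ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if ip_address(pkt.dst) not in ip_network(rule.dst):
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def decide(rules: List[Rule], pkt: Packet, default: str = "deny") -> str:
    """First-match evaluation with an implicit default deny."""
    for r in rules:
        if matches(r, pkt):
            return r.action
    return default


def same_decisions(a: List[Rule], b: List[Rule], packets: List[Packet]) -> bool:
    return all(decide(a, p) == decide(b, p) for p in packets)


# Constructed topology: DMZ web server 192.0.2.10, firewall 198.51.100.1,
# internal client 10.0.0.7, remote telnet host 203.0.113.5.
# Use 1: HTTP to the DMZ server from either interface, routed through the firewall.
WEB_RULE = Rule("permit", "both", "route", "0.0.0.0/0", "192.0.2.10/32", 80)
# Use 2: replies from the telnet host may go to the firewall itself or be routed to clients.
TELNET_REPLY_RULE = Rule("permit", "nonsecure", "both", "203.0.113.5/32", "0.0.0.0/0", None)
TELNET_REPLY_ROUTED_ONLY = Rule("permit", "nonsecure", "route", "203.0.113.5/32", "0.0.0.0/0", None)

REPLY_TO_FIREWALL = Packet("nonsecure", "local", "203.0.113.5", "198.51.100.1", 40001)

# Constructed sample packets covering both interfaces and both routing cases.
SAMPLE_PACKETS = [
    Packet("nonsecure", "route", "203.0.113.77", "192.0.2.10", 80),   # Internet -> DMZ web
    Packet("secure", "route", "10.0.0.7", "192.0.2.10", 80),          # WAN -> DMZ web
    Packet("secure", "route", "10.0.0.7", "192.0.2.10", 22),          # wrong port
    Packet("nonsecure", "local", "203.0.113.77", "198.51.100.1", 80), # to firewall, not routed
    Packet("nonsecure", "route", "203.0.113.5", "10.0.0.7", 40000),   # telnet reply to client
    REPLY_TO_FIREWALL,                                                # telnet reply to admin on firewall
]

if __name__ == "__main__":
    for r in expand_both(WEB_RULE) + expand_both(TELNET_REPLY_RULE):
        print(r)
    print("equivalent:", same_decisions([WEB_RULE], expand_both(WEB_RULE), SAMPLE_PACKETS))
    print("reply to firewall, routing=both:", decide([TELNET_REPLY_RULE], REPLY_TO_FIREWALL))
    print("reply to firewall, routing=route:", decide([TELNET_REPLY_ROUTED_ONLY], REPLY_TO_FIREWALL))
```

Running `expand_both` over a ruleset before review is one way to get the explicit, easier-to-audit form John recommends without hand-writing it: the "both" rule and its expansion give identical decisions on every sample packet, and the expansion makes visible that a routing "both" rule also opens a path to the firewall host itself.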
Current thread:
- Re: meaning of "both" in a filter statement Joseph S. D. Yao (Aug 02)
- <Possible follow-ups>
- RE: meaning of "both" in a filter statement john madincea (Aug 02)
- Re: meaning of "both" in a filter statement Joseph S. D. Yao (Aug 02)