it is quite possible that -any- firewall may be incorrectly configured.. I would have to say that a good portion of firewalls are running in production mode with incorrect configurations.

If you read -further- into the FW-1 documentation it states that it is highly advisable to enable "control ip forwarding at boot". ..with this option enabled, fw-1 will make sure the interface does not come up until the security policy is loaded and in place.

If you are running firewall-1 v3.0b, it is time to upgrade... 4.0 is out and has many a fix added.

-Warren Barrow/CCSE

At 08:09 AM 3/29/99 -0300, you wrote:
>Quoting Christoforos Karatzinis <chkaat_private>:
>
>Hi,
> The FW1 documentation clearly states that there is
>a small delay after the interface initializes and the
>FW starts acting on it. It is possible to do something
>"bad" to it in this period...
>
>Regards,
>Cristiano Lincoln Mattos
>Recife / Brazil
>
>> The first 25 packets were lost before the interface's initialization. The
>> packets with sequence number greater than 34 are dropped from the firewall.
>> What about the packets with sequence number 25-34? Is it possible that
>> someone can use this time (after the interface's initialization and before
>> the firewall's initialization) to do something bad?
>>
>> Regards,
>> Christofer