Firewall Wizards mailing list archives
Re: Gauntlet Rule Interpretation
From: "Marcus J. Ranum" <mjr () nfr com>
Date: Wed, 13 Feb 2002 11:49:38 -0500
Johann van Duyn wrote:

> I am arguing with our network manager regarding the interpretation of Gauntlet (on BSD Unix) rulesets. My knowledge of Gauntlet is not very deep, but I can read, and I am sure that I am interpreting the rules correctly.
I'm not sure if I can accurately answer your question(s) because my knowledge of Gauntlet is rather dated but I used to be pretty familiar with that product...
> The ruleset says NOTHING specific about SNMP traffic, either by proxy name or by port number.
Right. The original Gauntlet didn't recognize the existence of SNMP at all. It's such a disastrously bad protocol, from a security standpoint, that the original designers of Gauntlet never thought anyone would want to let it through a firewall at all! :)
> However, some of our rules look like this:
>
>     authenIP: permit-forward -if ef1 -proto * -srcaddr a.b.c.d:255.255.255.255 -dstaddr w.x.y.z:255.255.255.255 -srcport * -dstport *
>     authenIP: permit-forward -if exp0 -proto * -dstaddr a.b.c.d:255.255.255.255 -srcaddr w.x.y.z:255.255.255.255 -dstport * -srcport *
>
> Surely such a rule would let SNMP traffic from a.b.c.d to w.x.y.z and vice versa? Or am I missing something here?
Yeah, it looks like that, but I think that's the VPN layer stuff. AuthenIP is authenticated; so it's acting as a tunnel for that traffic, but I don't think it will let through random Internet traffic including SNMP.

mjr.
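As an added illustration (not code from the thread or from Gauntlet itself) of how to audit a ruleset the way Johann read it: this parses `permit-forward` lines in the syntax quoted above and reports which rules match a given packet on their literal address, netmask, port and protocol terms. It deliberately does not model the authenIP tunnel context Marcus describes, and the addresses 192.0.2.10 / 198.51.100.20 are constructed stand-ins for a.b.c.d / w.x.y.z.

```python
"""Match packets against Gauntlet-style permit-forward rules (constructed example)."""
import ipaddress

# Constructed ruleset mirroring the two rules quoted in the thread.
RULES_TEXT = """
authenIP: permit-forward -if ef1 -proto * -srcaddr 192.0.2.10:255.255.255.255 -dstaddr 198.51.100.20:255.255.255.255 -srcport * -dstport *
authenIP: permit-forward -if exp0 -proto * -dstaddr 192.0.2.10:255.255.255.255 -srcaddr 198.51.100.20:255.255.255.255 -dstport * -srcport *
"""

def parse_rule(line):
    """Turn 'context: action -flag value -flag value ...' into a dict."""
    context, _, rest = line.partition(":")
    tokens = rest.split()
    rule = {"context": context.strip(), "action": tokens[0]}
    # Flags come in (-name value) pairs in any order, e.g. -dstaddr before -srcaddr.
    for flag, value in zip(tokens[1::2], tokens[2::2]):
        rule[flag.lstrip("-")] = value
    return rule

def addr_match(spec, addr):
    """'*' matches anything; otherwise 'ip:dotted-mask' is tested as a network."""
    if spec == "*":
        return True
    ip, _, mask = spec.partition(":")
    return ipaddress.IPv4Address(addr) in ipaddress.IPv4Network(f"{ip}/{mask}", strict=False)

def port_match(spec, port):
    return spec == "*" or int(spec) == port

def rule_matches(rule, pkt):
    """True if the rule's literal terms cover the packet (interface is not checked)."""
    return (rule["action"] == "permit-forward"
            and rule["proto"] in ("*", pkt["proto"])
            and addr_match(rule["srcaddr"], pkt["src"])
            and addr_match(rule["dstaddr"], pkt["dst"])
            and port_match(rule["srcport"], pkt["sport"])
            and port_match(rule["dstport"], pkt["dport"]))

def matching_interfaces(rules_text, pkt):
    """Return the -if value of every rule whose terms match the packet."""
    rules = [parse_rule(l) for l in rules_text.strip().splitlines() if l.strip()]
    return [r["if"] for r in rules if rule_matches(r, pkt)]

# Constructed SNMP packet (UDP/161) from a.b.c.d to w.x.y.z, and the reverse.
SNMP_A_TO_B = {"proto": "udp", "src": "192.0.2.10", "dst": "198.51.100.20", "sport": 1025, "dport": 161}
SNMP_B_TO_A = {"proto": "udp", "src": "198.51.100.20", "dst": "192.0.2.10", "sport": 161, "dport": 1025}

if __name__ == "__main__":
    print("a.b.c.d -> w.x.y.z matches:", matching_interfaces(RULES_TEXT, SNMP_A_TO_B))
    print("w.x.y.z -> a.b.c.d matches:", matching_interfaces(RULES_TEXT, SNMP_B_TO_A))
```

Both SNMP directions match one rule each on their literal terms, which is exactly Johann's reading; whether the authenIP context restricts those rules to tunnel traffic is the question Marcus answers above.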