RE: Closing holes with out a firewall

From: Mark L. Jackson (mark_l_jackson@iname.com)
Date: 01/08/02


From: "Mark L. Jackson" <mark_l_jackson@iname.com>
To: "Damon Sisola" <dsisola@osius.com>, "'Holland, Stephen'" <Stephen.Holland@Nextel.com>, <security-basics@securityfocus.com>
Date: Mon, 7 Jan 2002 22:15:15 -0800


> Look at IPSec policies instead, they are much more flexible
> in rules and

I am not so sure about that. If I remember correctly you have to block
all or none. For instance: if you want to block ICMP ECHO, you have to
block all ICMP requests.