Adding new rules to the firewall

Post by Ieong Sze Chung Ric » Fri, 31 Oct 1997 04:00:00



[ Article crossposted from mail.firewalls ]
[ Author was Ieong Sze Chung Ricci ]
[ Posted on 30 Oct 1997 14:16:33 GMT ]

Hello All,

        I would like to ask a question on adding new rules to the
firewall. If I add a new rule to the firewall (in general), do I need to
restart the firewall again?

        For example, if I re-load new rules to the Cisco router, do I need
to reboot the router? If I use other routers as firewalls, do I need to
reboot them? How about software packet filtering tools such as screend or
KarlBridge?

        How about application gateway firewalls? If I use TIS fwtk or
Gauntlet proxies, do I need to reboot them? And for Microsoft Proxy
and Interlock, is a restart of the daemons required?

        If anyone has such information, please email or follow up the
thread. Thanks.

Ricci


 
 
 

Post by Neil Brisc » Fri, 31 Oct 1997 04:00:00




> Hello All,

Yo!

>    I would like to ask a question on adding new rules to the
> firewall. If I add a new rule to the firewall (in general), do I need to
> restart the firewall again?

Thus far, on the Cisco routers I've used, if you add new filters, they
take place now.  The only thing you have to remember is that you need to
copy the running-config to startup-config - otherwise your new rules won't
survive a power-out/reboot - but it's useful to ensure that the new rules
are working the way you want, before you commit them.  If they don't work,
you can reboot the router and lose the new rules that didn't work the way
you wanted - if that's easier than just reversing their entries.  In most
cases - with Cisco access-lists - you have to delete the whole access list
and then add back the entries you want - so rebooting - if not committed -
is easiest.

For the firewall I'm most familiar with, you add new rules, and then you
commit them.  On committing those rules become active, and are permanent,
unless you remove them again and commit the new rule set.

So, on Ciscos, rebooting is necessary only if you want to vape the new
rules you've added; on the firewall I use, no rebooting is necessary at
all.

Regards
Neil
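
The try-then-commit workflow described in the post above, as an added IOS session that is not part of the original post. The ACL numbers 101/102, the interface name Serial0 and the 192.0.2.0/24 addresses are assumptions chosen for illustration.

```cisco
! Constructed example: ACL 101 is assumed to be the list currently applied
! inbound on Serial0; 102 is the revised list being tested.
Router# reload in 10
! Safety net: if the new filter cuts off your own session, the router
! reboots in 10 minutes and comes back with the saved startup-config.
Router# configure terminal
! Build the revised list under a new number rather than deleting 101 in
! place: a list that is referenced by an interface but has no entries
! filters nothing, so delete-and-re-add leaves a window with no filtering.
Router(config)# access-list 102 permit tcp any host 192.0.2.10 eq smtp
Router(config)# access-list 102 permit tcp any host 192.0.2.20 eq www
Router(config)# access-list 102 deny ip any any log
Router(config)# interface Serial0
! Each line takes effect as soon as it is entered; from here on the
! running configuration filters with list 102.
Router(config-if)# ip access-group 102 in
Router(config-if)# end
! Send test traffic and check the per-entry match counters.
Router# show access-lists 102
! Rules behave as intended: cancel the pending reboot and make them permanent.
Router# reload cancel
Router# copy running-config startup-config
! Until the copy above, a power-out or reboot discards list 102 and the
! interface change, and the router returns to the old rules.
```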

 
 
 

Post by mayer han » Sat, 01 Nov 1997 04:00:00


Hi Ieong Sze Chung Ricci!

Checkpoint's firewall needs compiling (as part of the IP kernel)
and loading the new rule set.

Connections currently running over the firewall
are not affected by this action (normally).





>Hello All,

>    I would like to ask a question on adding new rules to the
>firewall. If I add a new rule to the firewall (in general), do I need to
>restart the firewall again?

 
 
 

Post by terr.. » Sun, 02 Nov 1997 04:00:00


Cisco configuration entries take effect when you type 'return' at the
end of the configuration command.  The same is true with TIS Gauntlet.
It may not be true with other firewalls.  You can easily try a simple
test (turn it on, turn it off) to try other firewalls.
Bill


> [ Article crossposted from mail.firewalls ]
> [ Author was Ieong Sze Chung Ricci ]
> [ Posted on 30 Oct 1997 14:16:33 GMT ]

> Hello All,

>         I would like to ask a question on adding new rules to the
> firewall. If I add a new rule to the firewall (in general), do I need to
> restart the firewall again?

>         For example, if I re-load new rules to the Cisco router, do I need
> to reboot the router? If I use other routers as firewalls, do I need to
> reboot them? How about software packet filtering tools such as screend or
> KarlBridge?

>         How about application gateway firewalls? If I use TIS fwtk or
> Gauntlet proxies, do I need to reboot them? And for Microsoft Proxy
> and Interlock, is a restart of the daemons required?

>         If anyone has such information, please email or follow up the
> thread. Thanks.

> Ricci


 
 
 

1. execute (adding/deleting firewall rules) via web interface

Hi,
    What are the requirements in file permission if I want to add / delete
ipchains rules via a PHP web interface (Apache server - user:apache,
group:apache)?
Of course I can execute commands like pwd, route, mkdir test, ls, etc., but
not commands such as ipchains -L; you need a special permission to do
that. Any hints?

cheers,
Vincent.
