Firewall Wizards mailing list archives

Gauntlet Rule Interpretation


From: "Johann van Duyn" <Johann_van_Duyn () bat com>
Date: Wed, 13 Feb 2002 15:59:31 +0200



Hi there...

I am arguing with our network manager regarding the interpretation of
Gauntlet (on BSD Unix) rulesets. My knowledge of Gauntlet is not very deep,
but I can read, and I am sure that I am interpreting the rules correctly.

The ruleset says NOTHING specific about SNMP traffic, either by proxy name
or by port number.

However, some of our rules look like this:

        authenIP: permit-forward -if ef1 -proto * -srcaddr a.b.c.d:255.255.255.255 -dstaddr w.x.y.z:255.255.255.255 -srcport * -dstport *
        authenIP: permit-forward -if exp0 -proto * -dstaddr a.b.c.d:255.255.255.255 -srcaddr w.x.y.z:255.255.255.255 -dstport * -srcport *

Surely such a rule would let SNMP traffic from a.b.c.d to w.x.y.z and
vice-versa? Or am I missing something here?

Where else (other than the main rulebase, where searches for 'SNMP', '161'
and '162' are fruitless) should I look to find if SNMP traffic is indeed
blocked? Even if the SNMP proxy were disabled, wouldn't the Gauntlet act as
a stateful proxy filter given the above rule (-srcport * -dstport *)?

Thanks!

-----------------------------------------
Johann van Duyn



_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
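To make the question concrete, here is an added Python example (not from the post and not Gauntlet's own code) that parses the two permit-forward rules as quoted and checks whether a UDP/161 datagram between the two hosts hits one of them. The addresses are constructed RFC 5737 placeholders standing in for a.b.c.d and w.x.y.z, and the matching semantics (wildcards match anything, a 255.255.255.255 mask means an exact host, first matching rule wins) are an assumption about how a packet filter reads such rules, not a reading of Gauntlet's source.

```python
import ipaddress
import shlex

# The two rules from the post, each joined onto one line. a.b.c.d and
# w.x.y.z are replaced with constructed documentation addresses so this runs.
RULES = [
    "authenIP: permit-forward -if ef1 -proto * -srcaddr 192.0.2.10:255.255.255.255 "
    "-dstaddr 198.51.100.20:255.255.255.255 -srcport * -dstport *",
    "authenIP: permit-forward -if exp0 -proto * -dstaddr 192.0.2.10:255.255.255.255 "
    "-srcaddr 198.51.100.20:255.255.255.255 -dstport * -srcport *",
]

def parse_rule(line):
    """Parse 'name: action -flag value ...' into a dict keyed by flag name."""
    name, rest = line.split(":", 1)
    tokens = shlex.split(rest)            # '*' is not special to shlex
    rule = {"name": name.strip(), "action": tokens[0]}
    for flag, value in zip(tokens[1::2], tokens[2::2]):
        rule[flag.lstrip("-")] = value
    return rule

def addr_matches(spec, addr):
    """spec is Gauntlet-style 'ip:netmask' or '*'; a /32 mask means exact host."""
    if spec == "*":
        return True
    ip, mask = spec.split(":")
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return ipaddress.ip_address(addr) in net

def field_matches(spec, value):
    """Wildcard or exact string match for interface, protocol and ports."""
    return spec == "*" or spec == str(value)

def first_match(rules, iface, proto, src, dst, sport, dport):
    """Return the first rule covering the packet, or None (assumed first-match)."""
    for rule in rules:
        if (field_matches(rule.get("if", "*"), iface)
                and field_matches(rule.get("proto", "*"), proto)
                and addr_matches(rule.get("srcaddr", "*"), src)
                and addr_matches(rule.get("dstaddr", "*"), dst)
                and field_matches(rule.get("srcport", "*"), sport)
                and field_matches(rule.get("dstport", "*"), dport)):
            return rule
    return None

PARSED = [parse_rule(r) for r in RULES]

def snmp_allowed(src, dst, iface="ef1"):
    """True if a UDP/161 datagram from src to dst on iface hits a permit-forward rule."""
    rule = first_match(PARSED, iface, "udp", src, dst, 50000, 161)
    return rule is not None and rule["action"] == "permit-forward"
```

Under these assumptions the wildcard protocol and port fields do cover SNMP in both directions, while any host outside the two /32s matches nothing; whether the real Gauntlet consults a disabled proxy before the forwarding rule is the part this toy cannot answer.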

