Sample INSPECT Code

Now that I have talked about how INSPECT works and how your rulebase translates to INSPECT code, I can show you some sample INSPECT code.

WARNING!

Exercise appropriate caution before implementing any of this code in a production network. This includes testing in a nonproduction environment to ensure the code does what you expect.

Check Point allows you to place custom INSPECT scripts in $FWDIR/lib/user.def. Check Point does not overwrite this file during an upgrade; therefore, it is the recommended location for any custom INSPECT code. All INSPECT changes should be done on the management console. A policy reinstall is required ...

Get Essential Check Point™ FireWall-1® NG: An Installation, Configuration, and Troubleshooting Guide now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.