Re: [fw-wiz] Personal Firewall Rules
From: Vinicius Moreira Mello (fake-anti-spam-addr_at_inf.ufrgs.br)
Date: 07/26/04
- Previous message: Spearman, William CONT (FISC YOKO): "[fw-wiz] (no subject)"
- In reply to: Marcus J. Ranum: "Re: [fw-wiz] Personal Firewall Rules"
- Next in thread: Ng Pheng Siong: "Re: [fw-wiz] Personal Firewall Rules"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: firewall-wizards <firewall-wizards@honor.icsalabs.com> Date: Sun, 25 Jul 2004 23:37:51 -0300
Marcus J. Ranum wrote:
>>Something like Zonelabs/Internet Security
>>What rules should be put?
>
>
> Zonelabs will help you set up a policy, starting from "allow nothing"
> As a general rule:
> - allow nothing
> - if you must allow something allow it outgoing only
> - if you must allow something incoming allow it only to software
> you have good reason to trust
>
> mjr.
Just a note: some Windows systems, most notably Windows XP, tend to
fight for being the "Master Domain Browser" when they don't receive some
SMB packets. When this happens it can make all computers invisible at
the "workgroup window" for the other Windows clients. Also, in a domain
context, it can take several minutes for a user to log off. I saw this
happening twice, I have no more details, I only known that disabling the
firewall solves the problem.
Ok, ok, I won't tell you "block everything and *just* permit
(135,445)/tcp". But allow nothing with care ;)
Regards,
vmm.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Spearman, William CONT (FISC YOKO): "[fw-wiz] (no subject)"
- In reply to: Marcus J. Ranum: "Re: [fw-wiz] Personal Firewall Rules"
- Next in thread: Ng Pheng Siong: "Re: [fw-wiz] Personal Firewall Rules"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
