Re: Setting up Tiny Personal Firewall?

From: Lord Shaolin (abuse_at_127.0.0.1)
Date: 10/10/03


Date: Fri, 10 Oct 2003 10:09:35 +0100


"Ken Knecht" <kenkknot@deruknot.com> wrote in message
news:Xns940FAE58262ACkenkderucom@140.99.99.161...
> I'm trying to set up Tiny Personal Firewall v2.0.15.
>
> What are some rules of thumb about permitted ports and services?
>

Excellent choice of FW.

The rule of thumb is Shaolin's security mantra!

"Deny everything, allow only what you explicitly require"

So the first thing you do is make a deny all rule, both directions, all
protocols to and from all sources/destinations.

Then above this you add granular rules on an application by application
basis.

Say Eudora, for example: it's a mail client, it doesn't need all ports.

Give it 110 for POP3 and 25 for SMTP (you can even lock these further to the
specific IPs of your mail servers).

DNS, for example: you should only be contacting 2 specific IPs (the 2 DNS
servers allocated by your ISP).

ICMP doesn't matter all that much, I block most types but allow for ping and
traceroute.

Anything else, deny it. If something stops working, work out what it is, what
it needs to do and what's the minimum it can function with, and give it that.

A good one to add is a Loopback rule as well:

All applications destination 127.0.0.1 TCP and UDP allow

I have a GIF of my setup I think from a while back:

http://www.darknet.org.uk/content/files/TPF.gif

As you see, I keep everything separate.

Make 3 rules for each application: In, Out and Block (or 2 if it only needs
either In or Out).

Set Block rule to alert, so if an application behaves outside its normal
scope you know about it.

I have a Block badstuff rule at the bottom as well to alert me on certain things.

Good luck

HTH

-- 
                       -+ Shaolin +-
 Discard what is useless, absorb what is not and
            add what is uniquely your own.
       .: http://www.security-forums.com :.
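The ordered, first-match policy Shaolin describes (deny-all at the bottom, per-application In/Out/Block rules above it, loopback and DNS exceptions, Block rules that alert) can be modelled as a small rule evaluator. The following is an added example written for this page, not Tiny Personal Firewall's own rule format or any code from the poster: the `Rule`/`evaluate` shape, the application name `eudora.exe`, and the mail server and DNS resolver addresses (RFC 5737 documentation ranges) are constructed for the illustration.

```python
"""Ordered first-match personal-firewall policy, modelled on the
"deny everything, allow only what you explicitly require" layout.
Constructed example: rule shape, app names and addresses are assumptions,
not Tiny Personal Firewall's real configuration format."""

from dataclasses import dataclass
from typing import List, Tuple, Union

ANY = "*"
Port = Union[int, str]  # int port/ICMP type, or ANY


@dataclass(frozen=True)
class Rule:
    name: str
    app: str           # application executable name, or ANY
    direction: str     # "in", "out", or ANY
    proto: str         # "tcp", "udp", "icmp", or ANY
    remote_ip: str     # dotted remote address, or ANY
    remote_port: Port  # remote port (ICMP: message type), or ANY
    action: str        # "allow" or "deny"
    alert: bool = False  # the post's "set Block rule to alert"

    def matches(self, app: str, direction: str, proto: str,
                remote_ip: str, remote_port: int) -> bool:
        def m(pattern, value):
            return pattern == ANY or pattern == value
        return (m(self.app, app) and m(self.direction, direction)
                and m(self.proto, proto) and m(self.remote_ip, remote_ip)
                and m(self.remote_port, remote_port))


@dataclass(frozen=True)
class Decision:
    action: str   # "allow" or "deny"
    rule: str     # name of the rule that decided
    alert: bool   # whether the matching rule is set to alert


def evaluate(rules: List[Rule], app: str, direction: str, proto: str,
             remote_ip: str, remote_port: int) -> Decision:
    """First matching rule wins; the list should end with a catch-all deny."""
    for r in rules:
        if r.matches(app, direction, proto, remote_ip, remote_port):
            return Decision(r.action, r.name, r.alert)
    # Only reached if no deny-all rule closes the list: fail closed anyway.
    return Decision("deny", "<implicit default deny>", True)


def alerts_for(rules: List[Rule], events: List[Tuple]) -> List[str]:
    """Return the rule names that fired with alert=True over a list of events."""
    return [d.rule for d in (evaluate(rules, *e) for e in events) if d.alert]


# Constructed addresses (documentation ranges), assumed ISP mail and DNS servers.
MAIL_SERVER = "192.0.2.10"
DNS_SERVERS = ("192.0.2.53", "198.51.100.53")

POLICY: List[Rule] = [
    # Shared exceptions first, so a per-app Block rule below cannot shadow them.
    Rule("Loopback TCP", ANY, ANY, "tcp", "127.0.0.1", ANY, "allow"),
    Rule("Loopback UDP", ANY, ANY, "udp", "127.0.0.1", ANY, "allow"),
    *[Rule(f"DNS out {ip}", ANY, "out", "udp", ip, 53, "allow") for ip in DNS_SERVERS],
    # Per-application rules: Out rules locked to the mail server, then Block+alert.
    Rule("Eudora POP3 out", "eudora.exe", "out", "tcp", MAIL_SERVER, 110, "allow"),
    Rule("Eudora SMTP out", "eudora.exe", "out", "tcp", MAIL_SERVER, 25, "allow"),
    Rule("Eudora Block", "eudora.exe", ANY, ANY, ANY, ANY, "deny", alert=True),
    # ICMP: allow ping (echo request out, echo reply in); other types fall through.
    Rule("ICMP echo out", ANY, "out", "icmp", ANY, 8, "allow"),
    Rule("ICMP echo reply in", ANY, "in", "icmp", ANY, 0, "allow"),
    # The deny-all rule created first; everything above it is an explicit exception.
    Rule("Deny all", ANY, ANY, ANY, ANY, ANY, "deny", alert=True),
]


if __name__ == "__main__":
    for ev in [("eudora.exe", "out", "tcp", MAIL_SERVER, 25),
               ("eudora.exe", "out", "tcp", "203.0.113.5", 80),
               ("unknown.exe", "out", "tcp", "203.0.113.5", 80)]:
        print(ev, "->", evaluate(POLICY, *ev))
```

Rule order is the whole point of the layout: the loopback and DNS rules sit above the per-application Block rules, because an application's catch-all Block would otherwise swallow its own DNS lookups, and the deny-all rule sits last so that anything not explicitly allowed is both refused and reported.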