Re: Would these firewall rules work for me?
From: bensmyth (noreply_at_test.com)
Date: 03/31/05
Date: Thu, 31 Mar 2005 17:10:46 +0100
> You're going about things the wrong way!!
>
> Deny everything, unless you explicitly require it.
>
> e.g.
> src, s_port, dest, d_port, permission, comment
> *, *, *, 80, allow, //Allow HTTP
> *, *, *, >=1024, allow, //Allow responses to unprivileged ports
> *, *, *, *, deny, //default deny
>
> You will of course have to add rules for everything else...
> FTP, SMTP, DNS are all musts hence
> *, *, *, 20, allow, //FTP
> *, *, *, 21, allow, //FTP
> *, *, *, 25, allow, //SMTP
> *, *, *, 53, allow, //DNS
To be more secure, would the following be more secure:
src, s_port, dest, d_port, permission, comment
*, *, *, 80, allow, //HTTP outgoing
*, 80, *, >=1024, allow, //HTTP incoming
*, *, *, 25, allow, //SMTP outgoing
*, 25, *, >=1024, allow, //SMTP incoming
*, *, *, *, deny, //default deny
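
The two rule tables in this message can be compared by evaluating them against sample packets. The following is an added example, not part of the original post; it assumes rules are checked top to bottom with the first match deciding, and that the table carries no direction or connection state, as written. The function names and the sample addresses (documentation ranges) are constructed for illustration.

```python
# Added example (not from the original post): first-match evaluation of the
# rule tables in this thread. Assumes rules are checked top to bottom and
# carry no direction or connection state, as the tables are written.
import operator

OPS = {">=": operator.ge, "<=": operator.le, ">": operator.gt, "<": operator.lt}

def parse_rules(text):
    """Parse 'src, s_port, dest, d_port, permission, //comment' lines."""
    rules = []
    for line in text.strip().splitlines():
        *match, perm, comment = [f.strip() for f in line.split(",", 5)]
        rules.append((match, perm, comment.lstrip("/")))
    return rules

def field_matches(pattern, value):
    if pattern == "*":
        return True
    for sym in (">=", "<=", ">", "<"):  # two-character operators first
        if pattern.startswith(sym):
            return OPS[sym](int(value), int(pattern[len(sym):]))
    return str(value) == pattern

def decide(rules, src, s_port, dest, d_port):
    """Return (permission, comment) of the first rule matching the packet."""
    for match, perm, comment in rules:
        if all(field_matches(p, v) for p, v in zip(match, (src, s_port, dest, d_port))):
            return perm, comment
    return "deny", "no rule matched"

# First table from the quoted reply.
QUOTED = parse_rules("""
*, *, *, 80, allow, //Allow HTTP
*, *, *, >=1024, allow, //Allow responses to unprivileged ports
*, *, *, *, deny, //default deny
""")
# Table proposed in the reply.
PROPOSED = parse_rules("""
*, *, *, 80, allow, //HTTP outgoing
*, 80, *, >=1024, allow, //HTTP incoming
*, *, *, 25, allow, //SMTP outgoing
*, 25, *, >=1024, allow, //SMTP incoming
*, *, *, *, deny, //default deny
""")

if __name__ == "__main__":
    host, peer = "192.0.2.10", "198.51.100.5"  # constructed sample addresses
    for pkt in [(host, 40000, peer, 80), (peer, 80, host, 40000),
                (peer, 8080, host, 40000), (host, 40000, peer, 53)]:
        print(pkt, "quoted:", decide(QUOTED, *pkt), "proposed:", decide(PROPOSED, *pkt))
```

The "incoming" rules match on source port alone, since the table has no notion of an established connection; that distinction is what stateful filtering adds. The proposed table also has no rule for port 53, so DNS lookups fall through to the default deny.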