LinuxQuestions.org
Old 02-15-2007, 04:05 AM   #1
Chris594
Member
 
Registered: Oct 2005
Posts: 51

Rep: Reputation: 15
hardware firewall port policy advice needed


Hello,
I was thinking of building a hardware firewall using m0n0wall or ipcop.
As I'm quite new to *nix and only have a little experience with network setup, I thought that I should have a look at my D-Link DFL-200 hardware firewall.
This is the standard configuration policy for the ports:

igmp IP Protocol: 2
rsvp IP Protocol: 46
gre-encap IP Protocol: 47
ipsec-esp IP Protocol: 50
ipsec-ah IP Protocol: 51
ipsec-natt UDP: All -> 4500
ipip-encap IP Protocol: 94
ipcomp IP Protocol: 108
l2tp-encap IP Protocol: 115
ipsec-natt UDP: All -> 4500
echo TCP/UDP: All -> 7
chargen TCP/UDP: All -> 19
ssh TCP: All -> 22
ssh-in TCP: All -> 22 SYN Relay
telnet TCP: All -> 23
smtp TCP: All -> 25
smtp-in TCP: All -> 25 SYN Relay
time TCP/UDP: All -> 37
dns-tcp TCP: All -> 53
dns-udp UDP: All -> 53
dns-all TCP/UDP: All -> 53
bootps UDP: All -> 67
bootpc UDP: All -> 68
tftp UDP: All -> 69
gopher TCP: All -> 70
finger TCP: All -> 79
http TCP: All -> 80
https TCP: All -> 443
http-in TCP: All -> 80 SYN Relay
https-in TCP: All -> 443 SYN Relay
http-outbound TCP: All -> 80 ALG: "http-cf", max 100
pop3 TCP: All -> 110
sun-rpc TCP: All -> 111
ident TCP: All -> 113
nntp TCP: All -> 119
ntp TCP/UDP: All -> 123
epmap TCP/UDP: All -> 135
netbios-name UDP: All -> 137
netbios-dgm UDP: All -> 138
netbios-ssn TCP: All -> 139
microsoft-ds TCP: All -> 445
imap TCP: All -> 143
snmp UDP: All -> 161
snmp-trap UDP: All -> 162
ldap TCP/UDP: All -> 389
ldaps TCP: All -> 636
ike UDP: All -> 500
rexec TCP: All -> 512
rlogin TCP: All -> 513
rcmd TCP: All -> 514
syslog UDP: All -> 514
lpr TCP: All -> 515
ms-sql-s TCP: All -> 1433
ms-sql-m TCP/UDP: All -> 1434
wins TCP/UDP: All -> 1512
l2tp-ctl UDP: All -> 1701
pptp-ctl TCP: All -> 1723
rdp TCP: All -> 3389
radius UDP: All -> 1812
radius-acct UDP: All -> 1813
nfs-udp UDP: All -> 2049
nfs-tcp TCP: All -> 2049
nfs-all TCP/UDP: All -> 2049
ping-outbound ICMP: Echo (Ping) Return ICMP Errors
ping-inbound ICMP: Echo (Ping)
traceroute-udp UDP: All -> 33434-33499 Return ICMP Errors
ftp-inbound TCP: All -> 21 ALG: "ftp-inbound", max 100
ftp-outbound TCP: All -> 21 ALG: "ftp-outbound", max 100
ftp-passthrough TCP: All -> 21 ALG: "ftp-passthrough", max 100
http-all TCP: All -> 80, 443
http-in-all TCP: All -> 80, 443 SYN Relay
smb-all TCP/UDP: All -> 135-139, 445
GUI TCP: All -> 4001

My question is: can I use the same rules/ip tables for my m0n0wall/ipcop firewall?
Do I actually need them all? It seems to me that GUI, smb, http, https, nfs and ssh would be sufficient.

Any thoughts/help would be greatly appreciated
thanks in advance

Chris
 
Old 02-15-2007, 05:52 AM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
yes, you can use iptables rules from one linux box on another linux box (as long as both boxes support the same matches, etc.)... that said, the whole point of a packet-filtering firewall is to allow *only* the packets you need/want, so you should make sure the rules you use do precisely that...
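
An added example, not part of the original reply: a parser for the service-definition lines in the format posted above, which emits a default-deny iptables rule list containing only the services the original poster names. The function names, the choice of the FORWARD chain, and treating each listed port as a destination port are assumptions made for this illustration.

```python
import re

# Constructed sample: a few service definitions copied from the list in post #1.
SERVICES = """\
ssh TCP: All -> 22
telnet TCP: All -> 23
http TCP: All -> 80
https TCP: All -> 443
nfs-all TCP/UDP: All -> 2049
smb-all TCP/UDP: All -> 135-139, 445
traceroute-udp UDP: All -> 33434-33499 Return ICMP Errors
GUI TCP: All -> 4001
igmp IP Protocol: 2
"""
# Services the original poster considers sufficient (names as in the list).
WANTED = ["GUI", "smb-all", "http", "https", "nfs-all", "ssh"]

LINE = re.compile(
    r"^(\S+) (TCP/UDP|TCP|UDP): All -> (\d+(?:-\d+)?(?:, ?\d+(?:-\d+)?)*)")

def parse_services(text):
    """Map service name -> (protocol list, ports in multiport syntax)."""
    services = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:  # IP-protocol and ICMP entries are not handled here
            continue
        name, protos, ports = m.groups()
        ports = ports.replace(" ", "").replace("-", ":")  # 135-139 -> 135:139
        services[name] = (protos.lower().split("/"), ports)
    return services

def build_rules(services, wanted, chain="FORWARD"):
    """Default DROP, allow replies, then one ACCEPT per wanted service/protocol."""
    missing = [n for n in wanted if n not in services]
    if missing:
        raise KeyError(f"unknown service(s): {missing}")
    rules = [f"iptables -P {chain} DROP",
             f"iptables -A {chain} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    for name in wanted:
        protos, ports = services[name]
        for proto in protos:
            rules.append(
                f"iptables -A {chain} -p {proto} -m conntrack --ctstate NEW "
                f"-m multiport --dports {ports} -m comment --comment {name} -j ACCEPT")
    return rules

if __name__ == "__main__":
    print("\n".join(build_rules(parse_services(SERVICES), WANTED)))
```

Everything not named in `WANTED` (telnet in the sample, for instance) gets no rule and falls through to the DROP policy.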
 
Old 02-15-2007, 07:23 AM   #3
Chris594
Member
 
Registered: Oct 2005
Posts: 51

Original Poster
Rep: Reputation: 15
Thanks for clearing that up win32sux.
 
  

