
FIREWALL STRATEGY (What do you think?)



Hello!

I use Linux at home, I use Linux at work, I love Linux.

I see now that there are two different strategies to build a firewall for home
and work, when I have no services to provide to the internet, and I just want
to protect my systems/LANs...

1 TO BE NOT SEEN
Deny any tcp connection from outside (SYN packets, "-y" option of ipfwadm)
Deny any ICMP
Accept only access to ports 1024-5999 and 6010-65535 by tcp and udp

2 TO SIMULATE A WINDOWS PC
Accept any ICMP
Reject any tcp connection from outside
Accept only access to ports 1024-5999 and 6010-65535 by tcp and udp
Reject any other thing


ABOUT TO BE NOT SEEN:
I have to accept ICMP type 3 packets "destination unreachable", they are
used for MTA size negotiation, so I will not be completely not seen...


Both work; which is better?
- What do you think?


Best regards,
-- 
--------------------------------
Manel Marin   e-mail: uni00771@pc-internet.com
Linux Powered (Debian 2.0)
--------------------------------
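
The two rule sets described in the post, modelled side by side as an added example that is not part of the original message and is not ipfwadm syntax. It assumes rules are checked in the order listed, that strategy 1 denies anything not explicitly accepted, and that "deny" means a silent drop while "reject" means an error is sent back; the packet fields and sample packets are constructed for illustration.

```python
from dataclasses import dataclass

# Ports the post accepts for tcp and udp: 1024-5999 and 6010-65535.
ALLOWED = (range(1024, 6000), range(6010, 65536))

@dataclass(frozen=True)
class Packet:
    proto: str           # "tcp", "udp" or "icmp"
    dport: int = 0       # destination port (tcp/udp only)
    syn: bool = False    # TCP connection request from outside
    icmp_type: int = -1  # ICMP type (icmp only)

def _allowed_port(p):
    return p.proto in ("tcp", "udp") and any(p.dport in r for r in ALLOWED)

def not_seen(p):
    """Strategy 1: unwanted traffic is denied (dropped, no answer)."""
    if p.proto == "tcp" and p.syn:
        return "deny"
    if p.proto == "icmp":
        # Exception from the post: type 3 (destination unreachable) stays open.
        return "accept" if p.icmp_type == 3 else "deny"
    return "accept" if _allowed_port(p) else "deny"  # assumed default: deny

def windows_like(p):
    """Strategy 2: unwanted traffic is rejected (an error goes back)."""
    if p.proto == "icmp":
        return "accept"
    if p.proto == "tcp" and p.syn:
        return "reject"
    return "accept" if _allowed_port(p) else "reject"

# Constructed sample packets arriving from outside.
SAMPLES = {
    "tcp syn to 22": Packet("tcp", 22, syn=True),
    "tcp syn to 3000": Packet("tcp", 3000, syn=True),
    "tcp reply to 40000": Packet("tcp", 40000),
    "udp to 6005": Packet("udp", 6005),
    "icmp echo request": Packet("icmp", icmp_type=8),
    "icmp dest unreachable": Packet("icmp", icmp_type=3),
}

def compare():
    """Verdict of each strategy for every sample packet."""
    return {name: (not_seen(p), windows_like(p)) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (s1, s2) in compare().items():
        print(f"{name:24} not-seen={s1:7} windows-like={s2}")
```

The two strategies accept exactly the same tcp and udp traffic; they differ only in how ICMP is handled and in whether refused packets are dropped silently or answered with an error.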