Re: FIREWALL STRATEGY (What do you think?)



On Thu, Apr 29, 1999 at 07:26:18AM +0200, Manel Marin wrote:
> Hello!
> 
> I use Linux at home, I use Linux at work, I love Linux.
> 
> I see now that there are two different strategies to build a firewall for home
> and work, when I have no services to provide to internet, and I just want
> to protect my systems/lans...
> 
> 1 TO BE NOT SEEN
> Deny any tcp connection from outside (SYN packets, "-y" option of ipfwadm)
> Deny any ICMP
> Accept only access to ports 1024-5999 and 6010-65535 by tcp and udp

This is my vote if you don't want to be bothered.

> 
> 2 TO SIMULATE A WINDOWS PC
> Accept any ICMP
> Reject any tcp connection from outside
> Accept only access to ports 1024-5999 and 6010-65535 by tcp and udp
> Reject any other thing

Do this if you want to have some fun. You could set up a "prison" and see if
you can trap someone in it. You better be good if you do this. See "An Evening
with Berferd" for an entertaining story of when Bill Cheswick did this at
AT&T.
-- 
/-------------------------------------------------------------------------\
| Jason Murray - jmurray (at) computer (dot) org                          |
| "Against stupidity, the gods themselves contend in vain"                |
\-------------------------------------------------------------------------/
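
Added example (not part of either message): a small first-match model of the two inbound rule sets quoted above, showing what each one does with the same constructed packets. The names, the rule ordering and the "deny" default for strategy 1 are assumptions for illustration; this is not ipfwadm syntax.

```python
# Added illustration: first-match evaluation of the two inbound policies from the post.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    dport: int = 0      # destination port (unused for icmp)
    syn: bool = False   # TCP SYN without ACK, i.e. a new inbound connection

def high_port(p):
    # Ranges from the post: 1024-5999 and 6010-65535 (6000-6009, the X11 ports, left out)
    return p.proto in ("tcp", "udp") and (
        1024 <= p.dport <= 5999 or 6010 <= p.dport <= 65535)

# Each rule is (predicate, action). "deny" drops silently; "reject" answers with an error.
NOT_SEEN = [
    (lambda p: p.proto == "tcp" and p.syn, "deny"),
    (lambda p: p.proto == "icmp", "deny"),
    (high_port, "accept"),
]
SIMULATE_WINDOWS = [
    (lambda p: p.proto == "icmp", "accept"),
    (lambda p: p.proto == "tcp" and p.syn, "reject"),
    (high_port, "accept"),
]

def evaluate(rules, packet, default):
    """Return the action of the first matching rule, else the default policy."""
    for predicate, action in rules:
        if predicate(packet):
            return action
    return default

def compare(packet):
    # Defaults: strategy 1 assumed "deny"; strategy 2 states "reject any other thing".
    return (evaluate(NOT_SEEN, packet, "deny"),
            evaluate(SIMULATE_WINDOWS, packet, "reject"))

# Constructed sample inbound packets
SAMPLES = {
    "ping": Packet("icmp"),
    "SYN to 80": Packet("tcp", 80, syn=True),
    "SYN to 3000": Packet("tcp", 3000, syn=True),
    "reply to 3000": Packet("tcp", 3000),
    "udp to 6000": Packet("udp", 6000),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        one, two = compare(pkt)
        print(f"{name:14} not-seen={one:7} windows-like={two}")
```

The two rule sets accept exactly the same traffic; they differ only in whether unwanted packets get silence or an answer, which is what decides whether the host is visible to a scan.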