[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: 'Generic' Firewall Rulesets?

There is an excellent book on just this topic by a fellow named Robert
L. Ziegler, published by New Riders and called <emph>Linux

A good general discussion of the issues and a couple of good recipies.

Also some useful resources at openna.com  Gmourani's book has some
ipchains recipies as well.


On Sat, 4 Nov 2000, Troy Telford wrote:

> Having looked and not found, I'm asking here:
> Is there any place where I can find a general ruleset for a firewall?
> And, moreover, while many howto's mention how to specify a rule for a 
> ruleset, they do not specify *what* rules are good/bad/ugly, etc.
> For instance:
> Even though packets coming from an FTP port are allowed (supposedly to 
> allow FTP downloads...), apt-get is unable to function properly.
> Moreover, I have no idea what a 'good' ruleset to simply allow FTP 
> requests from my machine (such as those made by an FTP client on my 
> machine, apt-get, etc.) are reasonably secure.  And, in my case, I have 
> incoming FTP disabled, but is there a way to block packets at the 
> firewall (from people requesting FTP services on my computer), while 
> allowing my FTP requests to go unhindered?
> In fact, I couldn't really find any good information on general firewall 
> construction.  I could find information on how to set a rule for the 
> firewall; but now I need to find information on *what* kind of rules are 
> good, and why (and what is bad, and why).
> Another Example:  From what I understand, all TCP/UDP ports above 1024 
> are 'user' ports, and have no services attatched to them.  What kind of 
> possible security problems/other risks are involved by having these 
> ports essentially 'open' to the world?  What is the tradeoff with 
> closing them off?
> For my particular situation, the computer is connected directly to the 
> internet on a campus network.  I want to be able to have a good 'basic' 
> firewall ruleset that will allow me to do my normal tasks as though 
> there were no firewall active, yet filter out all incoming connection 
> requests (such as telnet, ftp, etc.).  I'm running kernel 2.4.0-test9; I 
> have iptables figured out and can apply rulesets just fine.  It's 
> knowing what rules make sense and what ones don't that I need help on.
> I'm more interested in learning how to create a good firewall than 
> simply having one.  (So I can make one from scratch should I ever have a 
> specific need).
> Thanks for any help offered.  I hope I didn't run in too many circles!
> -Troy
> --  
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: