Re: 'Generic' Firewall Rulesets?
There is an excellent book on just this topic by a fellow named Robert
L. Ziegler, published by New Riders and called Linux
A good general discussion of the issues and a couple of good recipes.
Also some useful resources at openna.com; Gmourani's book has some
ipchains recipes as well.
On Sat, 4 Nov 2000, Troy Telford wrote:
> Having looked and not found, I'm asking here:
> Is there any place where I can find a general ruleset for a firewall?
> And, moreover, while many howto's mention how to specify a rule for a
> ruleset, they do not specify *what* rules are good/bad/ugly, etc.
> For instance:
> Even though packets coming from an FTP port are allowed (supposedly to
> allow FTP downloads...), apt-get is unable to function properly.
> Moreover, I have no idea what a 'good' ruleset to simply allow FTP
> requests from my machine (such as those made by an FTP client on my
> machine, apt-get, etc.) are reasonably secure. And, in my case, I have
> incoming FTP disabled, but is there a way to block packets at the
> firewall (from people requesting FTP services on my computer), while
> allowing my FTP requests to go unhindered?
> In fact, I couldn't really find any good information on general firewall
> construction. I could find information on how to set a rule for the
> firewall; but now I need to find information on *what* kind of rules are
> good, and why (and what is bad, and why).
> Another Example: From what I understand, all TCP/UDP ports above 1024
> are 'user' ports, and have no services attached to them. What kind of
> possible security problems/other risks are involved by having these
> ports essentially 'open' to the world? What is the tradeoff with
> closing them off?
> For my particular situation, the computer is connected directly to the
> internet on a campus network. I want to be able to have a good 'basic'
> firewall ruleset that will allow me to do my normal tasks as though
> there were no firewall active, yet filter out all incoming connection
> requests (such as telnet, ftp, etc.). I'm running kernel 2.4.0-test9; I
> have iptables figured out and can apply rulesets just fine. It's
> knowing what rules make sense and what ones don't that I need help on.
> I'm more interested in learning how to create a good firewall than
> simply having one. (So I can make one from scratch should I ever have a
> specific need).
> Thanks for any help offered. I hope I didn't run in too many circles!
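The setup described in the question (a single host on a campus network, iptables on a 2.4 kernel, all outbound traffic allowed, every inbound connection request refused, outbound FTP and apt-get still working) is the case stateful filtering handles well: instead of opening holes for "packets coming from an FTP port" (which any sender can forge), the firewall admits only packets that connection tracking recognises as replies to, or related to, connections this host opened. The script below is an added example, not from the thread, from Ziegler's book or from any other poster; the interface name eth0, the dry-run default (it prints the commands unless IPT=iptables is set) and reliance on the ip_conntrack_ftp helper for active-mode FTP data connections are assumptions.

```shell
#!/bin/sh
# Added example: minimal stateful iptables ruleset for a single host on an
# untrusted network. Not part of the original thread.
#
# Dry run by default: the commands are printed, not executed. To apply, run
# as root with:   IPT=iptables MODPROBE=modprobe sh firewall.sh eth0
IPT="${IPT:-echo iptables}"
MODPROBE="${MODPROBE:-echo modprobe}"

apply_ruleset() {
    ifc="$1"   # external interface (assumed: eth0)

    # Connection tracking plus the FTP helper. The helper watches the
    # control channel (port 21) for PORT/PASV and marks the resulting data
    # connection RELATED, so active and passive FTP work without opening
    # any inbound port permanently.
    $MODPROBE ip_conntrack
    $MODPROBE ip_conntrack_ftp

    # Start from empty chains and a default-deny policy for inbound and
    # forwarded traffic; anything this host originates is allowed out.
    $IPT -F INPUT
    $IPT -F FORWARD
    $IPT -F OUTPUT
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback is always trusted.
    $IPT -A INPUT -i lo -j ACCEPT

    # Packets that cannot be matched to any tracked connection at all
    # (bad TCP flags, out-of-window segments) are dropped explicitly.
    $IPT -A INPUT -i "$ifc" -m state --state INVALID -j DROP

    # The one rule that makes client use work: replies to connections we
    # opened (ESTABLISHED) and connections the helper tied to them
    # (RELATED). This covers apt-get, ftp, ssh out and the ports above
    # 1024 the client side uses, without leaving them reachable.
    $IPT -A INPUT -i "$ifc" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Everything else inbound is a NEW connection attempt (telnet, ftp,
    # a forged "from port 20" packet, ...). Log it, then the DROP policy
    # discards it.
    $IPT -A INPUT -i "$ifc" -m state --state NEW -j LOG --log-prefix "fw-drop: "
}

apply_ruleset "${1:-eth0}"
```

Run without arguments to see the rules it would install; the logged entries (prefix fw-drop:) are what to watch in syslog to confirm inbound requests are being refused while your own downloads still complete. Passive-mode FTP needs no helper at all, since the client opens the data connection; the helper is only needed for active mode, where the server connects back.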