Re: 'Generic' Firewall Rulesets?
He has a website with a firewall building tool that works pretty well.
> There is an excellent book on just this topic by a fellow named Robert
> L. Ziegler, published by New Riders and called Linux
> A good general discussion of the issues and a couple of good recipes.
> Also some useful resources at openna.com. Gmourani's book has some
> ipchains recipes as well.
> On Sat, 4 Nov 2000, Troy Telford wrote:
> > Having looked and not found, I'm asking here:
> > Is there any place where I can find a general ruleset for a firewall?
> > And, moreover, while many howto's mention how to specify a rule for a
> > ruleset, they do not specify *what* rules are good/bad/ugly, etc.
> > For instance:
> > Even though packets coming from an FTP port are allowed (supposedly to
> > allow FTP downloads...), apt-get is unable to function properly.
> > Moreover, I have no idea what a 'good' ruleset to simply allow FTP
> > requests from my machine (such as those made by an FTP client on my
> > machine, apt-get, etc.) are reasonably secure. And, in my case, I have
> > incoming FTP disabled, but is there a way to block packets at the
> > firewall (from people requesting FTP services on my computer), while
> > allowing my FTP requests to go unhindered?
> > In fact, I couldn't really find any good information on general firewall
> > construction. I could find information on how to set a rule for the
> > firewall; but now I need to find information on *what* kind of rules are
> > good, and why (and what is bad, and why).
> > Another Example: From what I understand, all TCP/UDP ports above 1024
> > are 'user' ports, and have no services attached to them. What kind of
> > possible security problems/other risks are involved by having these
> > ports essentially 'open' to the world? What is the tradeoff with
> > closing them off?
> > For my particular situation, the computer is connected directly to the
> > internet on a campus network. I want to be able to have a good 'basic'
> > firewall ruleset that will allow me to do my normal tasks as though
> > there were no firewall active, yet filter out all incoming connection
> > requests (such as telnet, ftp, etc.). I'm running kernel 2.4.0-test9; I
> > have iptables figured out and can apply rulesets just fine. It's
> > knowing what rules make sense and what ones don't that I need help on.
> > I'm more interested in learning how to create a good firewall than
> > simply having one. (So I can make one from scratch should I ever have a
> > specific need).
> > Thanks for any help offered. I hope I didn't run in too many circles!
> > -Troy
> > --
> > To UNSUBSCRIBE, email to email@example.com
> > with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org
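
Added example, not part of the original thread: a minimal stateful iptables ruleset for the situation Troy describes (a single host that makes outgoing connections, including FTP, and accepts no incoming connection requests). The function name emit_ruleset and the --apply switch are made up for this sketch; the rules are printed in iptables-restore format and only loaded when --apply is given as root.

```shell
#!/bin/sh
# Added example: "client-only" host firewall using connection tracking.
# emit_ruleset and --apply are hypothetical names chosen for this sketch.

# Print the ruleset in iptables-restore format so it can be reviewed first.
emit_ruleset() {
    cat <<'EOF'
*filter
# Default-deny inbound and forwarded traffic; locally generated traffic may leave.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback traffic is needed by local programs.
-A INPUT -i lo -j ACCEPT
# Packets that connection tracking cannot match to any flow are dropped.
-A INPUT -m state --state INVALID -j DROP
# Replies to connections this host opened (ESTABLISHED) and flows a helper
# has tied to one of them, such as an FTP data channel (RELATED), are let in.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# No rule accepts state NEW, so inbound telnet/ftp requests fall through to
# the DROP policy, as do unsolicited packets to ports above 1024.
COMMIT
EOF
}

if [ "${1:-}" = "--apply" ]; then
    # Without the FTP helper the data connection is never classified RELATED,
    # which is the usual reason an FTP client stalls behind a stateful ruleset.
    # The module is ip_conntrack_ftp on 2.4 kernels, nf_conntrack_ftp later.
    modprobe ip_conntrack_ftp 2>/dev/null || modprobe nf_conntrack_ftp
    emit_ruleset | iptables-restore
fi
```

On current kernels automatic helper assignment is off by default, so the FTP control connection additionally needs an explicit rule such as `iptables -t raw -A OUTPUT -p tcp --dport 21 -j CT --helper ftp`.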