
Re: 'Generic' Firewall Rulesets?



There is an excellent book on just this topic by a fellow named Robert
L. Ziegler, published by New Riders and called *Linux Firewalls*.

A good general discussion of the issues and a couple of good recipes.

Also some useful resources at openna.com. Gmourani's book has some
ipchains recipes as well.

mike

On Sat, 4 Nov 2000, Troy Telford wrote:

> Having looked and not found, I'm asking here:
> 
> Is there any place where I can find a general ruleset for a firewall?
> 
> And, moreover, while many howto's mention how to specify a rule for a 
> ruleset, they do not specify *what* rules are good/bad/ugly, etc.
> 
> For instance:
> 
> Even though packets coming from an FTP port are allowed (supposedly to 
> allow FTP downloads...), apt-get is unable to function properly.
> 
> Moreover, I have no idea what a 'good' ruleset to simply allow FTP 
> requests from my machine (such as those made by an FTP client on my 
> machine, apt-get, etc.) are reasonably secure.  And, in my case, I have 
> incoming FTP disabled, but is there a way to block packets at the 
> firewall (from people requesting FTP services on my computer), while 
> allowing my FTP requests to go unhindered?
> 
> In fact, I couldn't really find any good information on general firewall 
> construction.  I could find information on how to set a rule for the 
> firewall; but now I need to find information on *what* kind of rules are 
> good, and why (and what is bad, and why).
> 
> Another Example:  From what I understand, all TCP/UDP ports above 1024 
> are 'user' ports, and have no services attached to them.  What kind of 
> possible security problems/other risks are involved by having these 
> ports essentially 'open' to the world?  What is the tradeoff with 
> closing them off?
> 
> For my particular situation, the computer is connected directly to the 
> internet on a campus network.  I want to be able to have a good 'basic' 
> firewall ruleset that will allow me to do my normal tasks as though 
> there were no firewall active, yet filter out all incoming connection 
> requests (such as telnet, ftp, etc.).  I'm running kernel 2.4.0-test9; I 
> have iptables figured out and can apply rulesets just fine.  It's 
> knowing what rules make sense and what ones don't that I need help on.
> 
> I'm more interested in learning how to create a good firewall than 
> simply having one.  (So I can make one from scratch should I ever have a 
> specific need).
> 
> Thanks for any help offered.  I hope I didn't run in too many circles!
> 
> -Troy
> 
> 
> 
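
The client-only policy asked about in the quoted message (outgoing FTP works, every unsolicited inbound connection is dropped), as an added example that is not part of the original thread. The function names are hypothetical. It assumes a host offering no services, the FTP connection-tracking helper module loaded, and an available iptables-restore.

```shell
#!/bin/sh
# Added example: constructed ruleset for a client-only host (no services offered).
# Assumes the FTP connection-tracking helper is loaded (ip_conntrack_ftp on 2.4
# kernels, nf_conntrack_ftp on later ones) and that iptables-restore is present.

# Print the filter table in iptables-restore format.
client_ruleset() {
    cat <<'EOF'
*filter
# Inbound and forwarded packets are dropped unless a rule below accepts them.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Local processes talking over loopback.
-A INPUT -i lo -j ACCEPT
# Replies on connections this host opened (ESTABLISHED) and traffic the
# tracker ties to one of them (RELATED): ICMP errors and, with the FTP
# helper, the data connection of an FTP session started from this host.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Read rules on stdin; list every INPUT ACCEPT rule that is neither
# loopback-only nor limited to already-tracked connections, and return 1
# if any was found. A rule keyed on the remote source port is such a rule.
lint_input_rules() {
    awk '
        /^-A INPUT/ && /-j ACCEPT/ {
            if ($0 ~ /-i lo( |$)/) next
            if ($0 ~ /--state / && $0 !~ /--state [A-Z,]*NEW/) next
            print "not tied to connection state: " $0
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# To load (as root):  modprobe ip_conntrack_ftp; client_ruleset | iptables-restore
```

Accepting packets because they come "from an FTP port" trusts a value the remote sender chooses, which is why the lint function flags such rules; matching on connection state accepts only traffic tied to a connection the host itself opened.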



