The UK Home Automation Archive

Archive Home
Group Home
Search Archive


Advanced Search

The UKHA-ARCHIVE IS CEASING OPERATIONS 31 DEC 2024

Latest message you have seen: RE: Tablet power supplies

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [OT] Firewall configuration... 1 of 2

  • To: <ukha_d@xxxxxxx>
  • Subject: RE: [OT] Firewall configuration... 1 of 2
  • From: "Mark Harrison" <Mark.Harrison@xxxxxxx>
  • Date: Thu, 27 Dec 2001 12:06:41 -0000
  • Delivered-to: mailing list ukha_d@xxxxxxx
  • Mailing-list: list ukha_d@xxxxxxx; contact ukha_d-owner@xxxxxxx
  • Reply-to: ukha_d@xxxxxxx
Paul,

You're absolutely right in the "best practice" for incoming
stuff.

You should always start from the basis that NOTHING is allowed EXCEPT
particular stuff you choose to let in.

However, you can start with a rule that allows ANYTHING _out_.

In my particular case (the office), I use Firewall-1, so my rules (which
in F-1's case are evaluated top to bottom [Note 1]) go something like:


- From: INTERNAL NETWORK
- To: Any
- Port: Any
- Action: Allow, don't log


- From: Any
- To: WEBSERVER
- Port: http, https
- Action: Allow, log long


- From: SPECIFIC IP ADDRESS OF DEVELOPMENT COMPANY WE USE
- To: WEBSERVER
- Port: ftp
- Action: Allow, log long


- From: Any
- To: Any
- Port: Any
- Action: REJECT


[1] Note to pedants. Yes, I _do_ understand the _whole_ of F-1 rule
evaluation order, but I don't use any of _that_ stuff ;-)

Mark Harrison
Head of Systems, eKingfisher


-----Original Message-----
From: Paul Gordon [mailto:paul_gordon@xxxxxxx]
Sent: 27 December 2001 11:53
To: ukha_d@xxxxxxx
Subject: [ukha_d] [OT] Firewall configuration...


OK chaps, time to get my firewall sorted out I guess....

Currently it's wide open, with just one rule (block all NetBIOS)

I'm planning to add a default rule which blocks EVERYTHING, then add
specific rules to open up individual ports/services as required... (is
this
the best configuration?)

Looking for any "gotchya's" from those of you who've done this, -
are
there
any port numbers I should leave open that I might not have considered?
(What
port does MSN Messanger use?)

Paul G.


_________________________________________________________________
Join the world's largest e-mail service with MSN Hotmail.
http://www.hotmail.com



For more information: http://www.automatedhome.co.uk
Post message: ukha_d@xxxxxxx
Subscribe:  ukha_d-subscribe@xxxxxxx
Unsubscribe:  ukha_d-unsubscribe@xxxxxxx
List owner:  ukha_d-owner@xxxxxxx

Your use of Yahoo! Groups is subject to
http://docs.yahoo.com/info/terms/



This email has been scanned for all viruses by the MessageLabs SkyScan
service. For more information on a pro-active anti-virus service working
around the clock, around the globe visit http://www.messagelabs.com/
Home | Main Index | Thread Index
Comments to the Webmaster are always welcomed, please use this contact form . Note that as this site is a mailing list archive, the Webmaster has no control over the contents of the messages. Comments about message content should be directed to the relevant mailing list.