On 7/17/06, SDamron <sdamron at gmail dot com> wrote:
> Does anyone have a list of firewall rules that they would care to
> share that they use as a starting point when setting up a new
> firewall? M0n0 specific would be nice, but any would be greatly
> appreciated.
>
It depends on your environment. Make a list of exactly which
protocols you require and specifically which hosts require those, and
only permit those. Drop everything else (including getting rid of the
default allow all rule on the LAN). You probably want HTTP and HTTPS
only permitted from an internal proxy server, in an ideal setup,
forcing all machines to proxy, where you have much greater control of
the traffic. Sans proxy, you'll probably have to permit HTTP and
HTTPS from all machines. Assuming you have an internal mail server,
you'll only want to allow outbound SMTP from that machine.
Since we have no clue what applications you require, we can't provide
a list of rules that would be appropriate for you. Just remember to
only permit the bare minimum of what you require.
-Chris
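
Added example (not part of the original message, and not m0n0wall syntax): a small Python model of the LAN rule set described above, with first-match evaluation and an implicit drop, plus a check that flags a leftover allow-all rule. The addresses and the names `Rule`, `decide` and `overly_broad` are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str  # "pass" or "block"
    proto: str   # "tcp", "udp" or "any"
    src: str     # source CIDR, or "any"
    port: int    # destination port; 0 means any port

# Constructed sample network: these addresses are assumptions, not from the thread.
LAN = "192.168.1.0/24"
PROXY, MAIL = "192.168.1.10", "192.168.1.20"
DEFAULT_ALLOW = Rule("pass", "any", LAN, 0)   # the default allow-all LAN rule
LAN_RULES = [
    Rule("pass", "tcp", PROXY + "/32", 80),   # HTTP only from the proxy
    Rule("pass", "tcp", PROXY + "/32", 443),  # HTTPS only from the proxy
    Rule("pass", "tcp", MAIL + "/32", 25),    # outbound SMTP only from the mail server
]

def _src_matches(rule_src, addr):
    if rule_src == "any":
        return True
    return ipaddress.ip_address(addr) in ipaddress.ip_network(rule_src)

def decide(rules, proto, src, port):
    """First matching rule wins; no match means the packet is dropped."""
    for r in rules:
        if r.proto in ("any", proto) and _src_matches(r.src, src) and r.port in (0, port):
            return r.action
    return "block"

def overly_broad(rules, lan):
    """Return pass rules that admit the whole LAN (or more) on every port."""
    lan_net = ipaddress.ip_network(lan)
    flagged = []
    for r in rules:
        if r.action != "pass" or r.port != 0:
            continue
        if r.src == "any" or lan_net.subnet_of(ipaddress.ip_network(r.src)):
            flagged.append(r)
    return flagged

if __name__ == "__main__":
    for src in (PROXY, MAIL, "192.168.1.55"):
        for port in (25, 80, 443):
            print(src, port, decide(LAN_RULES, "tcp", src, port))
    print("too broad:", overly_broad([DEFAULT_ALLOW] + LAN_RULES, LAN))
```

A real rule set also needs whatever else your list of required protocols turns up, such as DNS for the proxy.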