 From:  SDamron <sdamron at gmail dot com>
 To:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Firewall rules
 Date:  Mon, 17 Jul 2006 19:05:50 -0500
Totally agree with you on that, I was just trying to cut down on the
time involved, guess I just need to do it :o)


On 7/17/06, Chris Buechler <cbuechler at gmail dot com> wrote:
> On 7/17/06, SDamron <sdamron at gmail dot com> wrote:
> > Does anyone have a list of firewall rules that they would care to
> > share that they use as a starting point when setting up a new
> > firewall?  M0n0 specific would be nice, but any would be greatly
> > appreciated.
> >
> It depends on your environment.  Make a list of exactly which
> protocols you require and specifically which hosts require those, and
> only permit those.  Drop everything else (including getting rid of the
> default allow all rule on the LAN).  You probably want HTTP and HTTPS
> only permitted from an internal proxy server, in an ideal setup,
> forcing all machines to proxy, where you have much greater control of
> the traffic.  Sans proxy, you'll probably have to permit HTTP and
> HTTPS from all machines.  Assuming you have an internal mail server,
> you'll only want to allow outbound SMTP from that machine.
> Since we have no clue what applications you require, we can't provide
> a list of rules that would be appropriate for you.  Just remember to
> only permit the bare minimum of what you require.
> -Chris

"Nothing on earth can overcome an absolutely non-resistant person."
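The least-privilege LAN policy Chris describes (named hosts, named protocols, everything else dropped, factory "allow all" rule removed) can be checked before it is typed into the firewall by modelling the rule list and running candidate flows through it. The following is an added example written for this page, not m0n0wall's own ruleset and not code from anyone in the thread. It assumes first-match evaluation (the order m0n0wall applies its rule list in) and uses constructed addresses: 192.168.1.0/24 as the LAN, 192.168.1.10 as a hypothetical internal web proxy and 192.168.1.25 as a hypothetical internal mail server.

```python
"""Model a m0n0wall-style LAN rule list and compare the factory default
("allow LAN to any") with the least-privilege list from the thread."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Constructed sample addressing for this example (assumptions, not from the thread).
LAN_NET = ip_network("192.168.1.0/24")
PROXY_HOST = ip_network("192.168.1.10/32")   # hypothetical internal web proxy
MAIL_HOST = ip_network("192.168.1.25/32")    # hypothetical internal mail server
ANY_NET = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    proto: str                  # "tcp", "udp" or "any"
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[int]        # None means any destination port
    note: str = ""

    def matches(self, proto: str, src: IPv4Address, dst: IPv4Address, dport: int) -> bool:
        if self.proto != "any" and self.proto != proto:
            return False
        if src not in self.src or dst not in self.dst:
            return False
        return self.dport is None or self.dport == dport


# The factory default: a single rule letting the whole LAN reach anything.
DEFAULT_LAN_RULES: List[Rule] = [
    Rule("pass", "any", LAN_NET, ANY_NET, None, "default allow LAN to any"),
]

# The least-privilege list from the thread.  Any further protocol a site
# genuinely needs gets its own rule scoped to the hosts that need it;
# nothing is added "just in case".
LEAST_PRIV_LAN_RULES: List[Rule] = [
    Rule("pass", "tcp", PROXY_HOST, ANY_NET, 80, "HTTP only from the proxy"),
    Rule("pass", "tcp", PROXY_HOST, ANY_NET, 443, "HTTPS only from the proxy"),
    Rule("pass", "tcp", MAIL_HOST, ANY_NET, 25, "outbound SMTP only from the mail server"),
    Rule("block", "any", LAN_NET, ANY_NET, None, "drop everything else from the LAN"),
]


def evaluate(rules: List[Rule], proto: str, src: str, dst: str, dport: int) -> Tuple[str, str]:
    """First matching rule wins; a flow matching no rule is blocked."""
    s, d = ip_address(src), ip_address(dst)
    for rule in rules:
        if rule.matches(proto, s, d, dport):
            return rule.action, rule.note
    return "block", "implicit default deny"


# Constructed flows exercising both lists (proto, src, dst, dport).
SAMPLE_FLOWS = [
    ("tcp", "192.168.1.10", "203.0.113.5", 443),   # proxy -> HTTPS
    ("tcp", "192.168.1.50", "203.0.113.5", 80),    # workstation -> HTTP, bypassing the proxy
    ("tcp", "192.168.1.25", "203.0.113.9", 25),    # mail server -> SMTP
    ("tcp", "192.168.1.50", "203.0.113.9", 25),    # workstation -> SMTP, never required
    ("tcp", "192.168.1.10", "203.0.113.9", 25),    # proxy -> SMTP, not its job
    ("udp", "192.168.1.50", "203.0.113.7", 53),    # workstation -> DNS, no rule listed
]


def compare(flows=SAMPLE_FLOWS) -> Dict[tuple, Tuple[str, str]]:
    """Return {flow: (action under default list, action under least-privilege list)}."""
    return {
        flow: (evaluate(DEFAULT_LAN_RULES, *flow)[0],
               evaluate(LEAST_PRIV_LAN_RULES, *flow)[0])
        for flow in flows
    }


if __name__ == "__main__":
    for flow, (before, after) in compare().items():
        print(f"{flow[0]} {flow[1]} -> {flow[2]}:{flow[3]}  default={before}  least-priv={after}")
```

Running it shows the point of the thread in one table: under the factory list every sample flow passes, while under the least-privilege list only the proxy's HTTP/HTTPS and the mail server's SMTP pass and the rest, including DNS for which no rule was written, fall through to the final block. A flow that is needed but lands on that block rule is the signal to add one narrowly scoped rule, not to reinstate the allow-all.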