Totally agree with you on that, I was just trying to cut down on the
time involved, guess I just need to do it :o)

On 7/17/06, Chris Buechler <cbuechler at gmail dot com> wrote:
> On 7/17/06, SDamron <sdamron at gmail dot com> wrote:
> > Does anyone have a list of firewall rules that they would care to
> > share that they use as a starting point when setting up a new
> > firewall? M0n0 specific would be nice, but any would be greatly
> > appreciated.
> It depends on your environment. Make a list of exactly which
> protocols you require and specifically which hosts require those, and
> only permit those. Drop everything else (including getting rid of the
> default allow all rule on the LAN). You probably want HTTP and HTTPS
> only permitted from an internal proxy server, in an ideal setup,
> forcing all machines to proxy, where you have much greater control of
> the traffic. Sans proxy, you'll probably have to permit HTTP and
> HTTPS from all machines. Assuming you have an internal mail server,
> you'll only want to allow outbound SMTP from that machine.
> Since we have no clue what applications you require, we can't provide
> a list of rules that would be appropriate for you. Just remember to
> only permit the bare minimum of what you require.
"Nothing on earth can overcome an absolutely non-resistant person."
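
Added example, not part of the original thread and not m0n0wall's own configuration format: a short Python check that audits a LAN rule list against the advice quoted above (no allow-all rule, HTTP/HTTPS only from the proxy, SMTP only from the mail server, everything else dropped). The rule schema, the addresses, the DNS rule and first-match evaluation are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses: one proxy and one mail server on a 192.168.1.0/24 LAN.
PROXY = ip_network("192.168.1.10/32")
MAIL_SERVER = ip_network("192.168.1.20/32")
# Destination ports that should leave the LAN from one designated host only.
RESTRICTED = {80: PROXY, 443: PROXY, 25: MAIL_SERVER}

def _net(src):
    return ip_network("0.0.0.0/0" if src == "any" else src)

def audit(rules):
    """Return (index, finding) pairs for pass rules broader than the plan."""
    findings = []
    for i, r in enumerate(rules):
        if r["action"] != "pass":
            continue
        if r["proto"] == "any" or r["dport"] == "any":
            findings.append((i, "allow-all style rule; name protocol and port"))
        elif r["dport"] in RESTRICTED and not _net(r["src"]).subnet_of(RESTRICTED[r["dport"]]):
            findings.append((i, f"port {r['dport']} open to {r['src']}"))
    return findings

def permits(rules, src_ip, proto, dport):
    """First matching rule decides; no match means drop (default deny)."""
    for r in rules:
        if (ip_address(src_ip) in _net(r["src"])
                and r["proto"] in ("any", proto)
                and r["dport"] in ("any", dport)):
            return r["action"] == "pass"
    return False

# Constructed rule sets in a hypothetical schema (not m0n0wall's config format).
DEFAULT_LAN = [{"action": "pass", "src": "192.168.1.0/24", "proto": "any", "dport": "any"}]
TIGHT_LAN = [
    {"action": "pass", "src": "192.168.1.10/32", "proto": "tcp", "dport": 80},
    {"action": "pass", "src": "192.168.1.10/32", "proto": "tcp", "dport": 443},
    {"action": "pass", "src": "192.168.1.20/32", "proto": "tcp", "dport": 25},
    # Assumed extra requirement, to show a protocol that any LAN host may use.
    {"action": "pass", "src": "192.168.1.0/24", "proto": "udp", "dport": 53},
]

if __name__ == "__main__":
    for name, rules in (("default", DEFAULT_LAN), ("tight", TIGHT_LAN)):
        # Workstation 192.168.1.55 trying to send SMTP directly.
        print(name, audit(rules), permits(rules, "192.168.1.55", "tcp", 25))
```

Without a proxy, the HTTP and HTTPS entries in `RESTRICTED` would be removed, since those ports then have to be permitted from all machines.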