Totally agree with you on that, I was just trying to cut down on the time involved, guess I just need to do it :o) Thanks.

On 7/17/06, Chris Buechler <cbuechler at gmail dot com> wrote:
> On 7/17/06, SDamron <sdamron at gmail dot com> wrote:
> > Does anyone have a list of firewall rules that they would care to
> > share that they use as a starting point when setting up a new
> > firewall? M0n0 specific would be nice, but any would be greatly
> > appreciated.
> >
>
> It depends on your environment. Make a list of exactly which
> protocols you require and specifically which hosts require those, and
> only permit those. Drop everything else (including getting rid of the
> default allow all rule on the LAN). You probably want HTTP and HTTPS
> only permitted from an internal proxy server, in an ideal setup,
> forcing all machines to proxy, where you have much greater control of
> the traffic. Sans proxy, you'll probably have to permit HTTP and
> HTTPS from all machines. Assuming you have an internal mail server,
> you'll only want to allow outbound SMTP from that machine.
>
> Since we have no clue what applications you require, we can't provide
> a list of rules that would be appropriate for you. Just remember to
> only permit the bare minimum of what you require.
>
> -Chris
>

--
-------------------------------
"Nothing on earth can overcome an absolutely non-resistant person."
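An added example, not part of the thread and not m0n0wall configuration: a first-match rule table with an implicit default drop that encodes the policy described in the quoted reply (HTTP/HTTPS only from a proxy, outbound SMTP only from the mail server), plus an audit that flags any pass rule broader than one host on one port, such as a default allow-all LAN rule. The addresses and the `Rule`, `decide` and `audit` names are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample addresses (assumptions, not from the thread).
PROXY = "192.168.1.10/32"
MAIL = "192.168.1.20/32"

@dataclass(frozen=True)
class Rule:
    action: str   # "pass" or "block"
    src: str      # source network in CIDR form
    proto: str    # "tcp", "udp" or "any"
    dport: int    # destination port; 0 means any port

# LAN-interface rules: the required protocols from the required hosts only.
RULES = [
    Rule("pass", PROXY, "tcp", 80),   # HTTP only from the proxy
    Rule("pass", PROXY, "tcp", 443),  # HTTPS only from the proxy
    Rule("pass", MAIL, "tcp", 25),    # outbound SMTP only from the mail server
]

def decide(rules, src_ip, proto, dport):
    """First matching rule wins; no match at all means drop (default deny)."""
    for r in rules:
        if (ip_address(src_ip) in ip_network(r.src)
                and r.proto in ("any", proto)
                and r.dport in (0, dport)):
            return r.action
    return "block"

def audit(rules):
    """Return pass rules wider than a single host on a single protocol and port.

    A finding is something to justify, not necessarily an error: without a
    proxy, a LAN-wide HTTP rule would be listed here and accepted on review.
    """
    findings = []
    for r in rules:
        if r.action != "pass":
            continue
        too_wide = ip_network(r.src).num_addresses > 1
        if too_wide or r.proto == "any" or r.dport == 0:
            findings.append(r)
    return findings

if __name__ == "__main__":
    allow_all = Rule("pass", "192.168.1.0/24", "any", 0)  # default LAN rule
    print(decide(RULES, "192.168.1.55", "tcp", 25))   # workstation SMTP
    print(audit(RULES + [allow_all]))                 # flags the allow-all rule
```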