 From:  "Steve Thomas" <sthomas at consultant dot com>
 To:  "Kurt Mahan" <kmahan at xmission dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] LAN rule suggestions
 Date:  Wed, 04 Apr 2007 01:16:02 -0500
Here's my outbound allow ruleset on my WRAP:


UDP      *  *  *  53 (DNS)       dns
TCP      *  *  *  80 (HTTP)      http
TCP      *  *  *  443 (HTTPS)    https
UDP      *  *  *  123            ntp
TCP/UDP  *  *  *  1755           media player
TCP      *  *  *  5190           aim
TCP      *  *  *  25 (SMTP)      smtp
TCP      *  *  *  110 (POP3)     pop3
TCP      *  *  *  3389           rdp
GRE      *  *  *  *              pptp
TCP      *  *  *  1723           pptp
UDP      *  *  *  500            ike
UDP      *  *  *  4500           ipsec
TCP      *  *  *  21 (FTP)       ftp
UDP      *  *  *  1200           steam
UDP      *  *  *  27000 - 27015  steam
TCP      *  *  *  27020 - 27050  steam
ICMP     *  *  *  *              ICMP


  ----- Original Message -----
  From: "Kurt Mahan"
  To: m0n0wall at lists dot m0n0 dot ch
  Subject: [m0n0wall] LAN rule suggestions
  Date: Tue, 3 Apr 2007 18:06:13 -0600


  I'm looking for some advice/suggestions/pointers.

  Currently I'm running m0n0wall 1.23 on a WRAP 3 port board. It works
  great!

  The DMZ is configured according to the faq article. All my external
  facing services live in there. No need to talk to the LAN.

  The default LAN setting is working but it allows everything to exit
  the firewall. Several articles I've read suggest restricting outgoing
  packets from the LAN to prevent viruses and such from contacting their
  mothership. My LAN has a mix of Linux and Windows boxen. Any
  suggestions/examples of LAN rulesets? Any popular ports used by
  viruses to close?

  I didn't see a FAQ article covering this.

  Thanks!

  Kurt
  --
  /**
  * Kurt Mahan kmahan at xmission dot com
  */

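
Added example, not part of the original messages or of m0n0wall: a Python check that parses the rule listing from the reply above and tests constructed flows against it. It assumes the columns are protocol, source, source port, destination, destination port and description, and that the default allow-all LAN rule has been removed so unmatched traffic is dropped.

```python
import re
# Rule lines copied from the listing in the reply above. Assumed columns:
# proto, source, source port, destination, destination port, description.
RULES_TEXT = """\
UDP * * * 53 (DNS) dns
TCP * * * 80 (HTTP) http
TCP * * * 443 (HTTPS) https
UDP * * * 123 ntp
TCP/UDP * * * 1755 media player
TCP * * * 5190 aim
TCP * * * 25 (SMTP) smtp
TCP * * * 110 (POP3) pop3
TCP * * * 3389 rdp
GRE * * * * pptp
TCP * * * 1723 pptp
UDP * * * 500 ike
UDP * * * 4500 ipsec
TCP * * * 21 (FTP) ftp
UDP * * * 1200 steam
UDP * * * 27000 - 27015 steam
TCP * * * 27020 - 27050 steam
ICMP * * * * ICMP
"""
RULE_RE = re.compile(r"(\S+) \S+ \S+ \S+ (\*|\d+)(?: - (\d+))?(?: \(\w+\))? (.+)")

def parse_rules(text):
    """Return a list of (protocols, port range or None, description)."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.fullmatch(line.strip())
        if not m:
            raise ValueError(f"unparsed rule: {line!r}")
        protos, lo, hi, desc = m.groups()
        ports = None if lo == "*" else (int(lo), int(hi or lo))
        rules.append((set(protos.split("/")), ports, desc))
    return rules

def allowed(rules, proto, dport=None):
    """Description of the first matching pass rule, or None (dropped)."""
    for protos, ports, desc in rules:
        if proto in protos and (ports is None or
                (dport is not None and ports[0] <= dport <= ports[1])):
            return desc
    return None

RULES = parse_rules(RULES_TEXT)
if __name__ == "__main__":
    for flow in [("TCP", 443), ("TCP", 53), ("UDP", 27010), ("TCP", 6667)]:  # constructed
        print(flow, "->", allowed(RULES, *flow) or "DROP")
```

Under these assumptions the flow `("TCP", 53)` is dropped, because the DNS rule in the listing covers UDP only.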