Re: [Fwbuilder-discussion] Web Server Firewall Example
From: Michael S. <mi...@mu...> - 2009-01-21 15:16:23
On Wednesday, 21 January 2009 15:54:27, Klaus Engelmann wrote:
> Michael:
> > I would not do this. In case your webserver is hacked the intruder can load
> > any software from the net he wants.
>
> I fully agree with you.
>
> The only thing I am still in doubt is about the way FWBUILDER creates the
> template Web Server firewall. I was using it as an example in order to
> learn more about the way FWBUILDER works. I thought that the rules should
> be like:
>
> 0 - start allowing everything from loopback
> 1 - allow specific ports for inbound packages (with rate limiting in some
> cases)
> 2 - allow specific ports for outbound packages
> 3 - deny everything else inbound and outbound packages.
>
> Is this methodology ok ?

Yes. But fwbuilder templates are VERY limited. You have to find out yourself
what outgoing connections are needed by your server. Do not forget network
time protocol. Connections to repository servers for updates, ...

--
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Address: Bretonischer Ring 7; 85630 Grasbrunn; Germany
Tel: +49 - 89 - 45 69 11 0
Fax: +49 - 89 - 45 69 11 21
mob: +49 - 174 - 343 28 75

mail: mi...@mu...
web: www.multinet.de

Registered office: 85630 Grasbrunn
Court of registration: Amtsgericht München HRB 114375
Managing directors: Günter Jurgeneit, Hubert Martens

---

PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42
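
The four-step layout discussed in this thread, written out as an added example (not part of the original message and not Firewall Builder output). It assumes an iptables target; the resolver, mirror and admin-network addresses and the port choices are constructed placeholders.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset for a web server.
# Every address below is a constructed placeholder (assumption).
DNS_RESOLVER="192.0.2.53"     # resolver the server is configured to use
REPO_MIRROR="198.51.100.10"   # package mirror used for updates
MGMT_NET="203.0.113.0/24"     # network allowed to reach SSH

emit_rules() {
cat <<EOF
*filter
# Step 3: default deny, inbound and outbound
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Step 0: loopback
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Replies belonging to connections admitted by the rules below
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Step 1: inbound services; SSH is rate limited and source restricted
-A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp -s ${MGMT_NET} --dport 22 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 5 -j ACCEPT
# Step 2: outbound, only what the server itself needs
-A OUTPUT -p udp -d ${DNS_RESOLVER} --dport 53 -j ACCEPT
-A OUTPUT -p tcp -d ${DNS_RESOLVER} --dport 53 -j ACCEPT
-A OUTPUT -p udp --dport 123 -j ACCEPT
-A OUTPUT -p tcp -d ${REPO_MIRROR} -m multiport --dports 80,443 -j ACCEPT
# Log what falls through to the DROP policy; the outbound log shows
# which connections the server still needs and flags unexpected ones
-A INPUT -m limit --limit 6/min -j LOG --log-prefix "fw-in-drop: "
-A OUTPUT -m limit --limit 6/min -j LOG --log-prefix "fw-out-drop: "
COMMIT
EOF
}

emit_rules
```

Piping the output into `iptables-restore --test` parses the ruleset without loading it.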