Would these firewall rules work for me?

Hi,

I'm relatively new to firewalls, etc, but I now have broadband, a router, and consequently a hardware firewall.

I don't run any services on my PC with the exception of VNC, and have a NAT on the firewall to allow this to work.

Given this, would the following set of rules for my firewall work, or would I "break" something I need?

  1. Block all incoming tcp traffic to ports 1023 (w/ exception of VNC's port)
  2. Block all outgoing tcp traffic from ports
Tom Melly

You're going about things the wrong way!!

Deny everything, unless you explicitly require it.

eg. src, s_port, dest, d_port, permission, comment

*, *, *, 80, allow, //Allow HTTP
*, *, *, >=1024, allow, //Allow responses to unprivileged ports
*, *, *, *, deny, //default deny

You will of course have to add rules for everything else... FTP, SMTP and DNS are all musts, hence:

*, *, *, 20, allow, //FTP
*, *, *, 21, allow, //FTP
*, *, *, 25, allow, //SMTP
*, *, *, 53, allow, //DNS

Please don't take everything I say as given!! I am just learning this stuff myself, hopefully someone will confirm what I have said (backing up what I think I know....)

Regards,

Ben

bensmyth

To be more secure, would the following be more secure:

src, s_port, dest, d_port, permission, comment

*, *, *, 80, allow, //HTTP outgoing
*, 80, *, >=1024, allow, //HTTP incoming
*, *, *, 25, allow, //SMTP outgoing
*, 25, *, >=1024, allow, //SMTP incoming
*, *, *, *, deny, //default deny
bensmyth
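The two rule tables Ben posted above can be checked by hand, but it is easier to see what they do when they are run against real packets. The script below is an added example and is not code from the thread or from any product discussed in it. It assumes the comma-separated notation from the posts (src, s_port, dest, d_port, permission, comment), evaluated top to bottom with the first matching rule winning, and with no connection tracking, which is how the rules read as written. The IP addresses and the sample packets are constructed for the example.

```python
"""Toy first-match evaluator for the rule notation used in the thread:
src, s_port, dest, d_port, permission, comment.

Stateless, as the posted rules are: each packet is judged on its own
header fields, with no memory of which side opened the connection.
Added example, not code from the thread.
"""
from __future__ import annotations

from typing import NamedTuple


class Rule(NamedTuple):
    src: str
    s_port: str
    dst: str
    d_port: str
    action: str
    comment: str


def parse_rules(text: str) -> list[Rule]:
    """Parse one rule per line in the thread's notation; blank lines are skipped."""
    rules = []
    for line in text.strip().splitlines():
        # maxsplit=5 keeps any commas inside the trailing comment intact
        fields = [f.strip() for f in line.split(",", 5)]
        if len(fields) != 6:
            raise ValueError(f"bad rule: {line!r}")
        rules.append(Rule(*fields))
    return rules


def port_matches(spec: str, port: int) -> bool:
    """'*' matches anything; '>=N' / '<=N' are ranges; otherwise exact port."""
    if spec == "*":
        return True
    if spec.startswith(">="):
        return port >= int(spec[2:])
    if spec.startswith("<="):
        return port <= int(spec[2:])
    return port == int(spec)


def host_matches(spec: str, host: str) -> bool:
    return spec == "*" or spec == host


def evaluate(rules: list[Rule], pkt: dict) -> str:
    """Return the action of the first rule that matches; deny if none does."""
    for r in rules:
        if (host_matches(r.src, pkt["src"]) and port_matches(r.s_port, pkt["s_port"])
                and host_matches(r.dst, pkt["dst"]) and port_matches(r.d_port, pkt["d_port"])):
            return r.action
    return "deny"  # implicit default deny, even if the table forgets one


# Ben's first table (HTTP only, plus a blanket allow to unprivileged ports).
FIRST_RULESET = parse_rules("""
*, *, *, 80, allow, //Allow HTTP
*, *, *, >=1024, allow, //Allow responses to unprivileged ports
*, *, *, *, deny, //default deny
""")

# Ben's tightened table: responses must come *from* port 80 or 25.
SECOND_RULESET = parse_rules("""
*, *, *, 80, allow, //HTTP outgoing
*, 80, *, >=1024, allow, //HTTP incoming
*, *, *, 25, allow, //SMTP outgoing
*, 25, *, >=1024, allow, //SMTP incoming
*, *, *, *, deny, //default deny
""")

# Constructed sample packets (TCP header fields only; addresses are made up).
ME, WEB, ATTACKER = "192.0.2.10", "198.51.100.7", "203.0.113.99"
PACKETS = {
    "http_request":      {"src": ME, "s_port": 49152, "dst": WEB, "d_port": 80},
    "http_reply":        {"src": WEB, "s_port": 80, "dst": ME, "d_port": 49152},
    # unsolicited connection attempt to the PC's VNC port from a random source port
    "vnc_probe":         {"src": ATTACKER, "s_port": 31337, "dst": ME, "d_port": 5900},
    # same probe, but the sender chose source port 80 to look like a web reply
    "vnc_probe_sport80": {"src": ATTACKER, "s_port": 80, "dst": ME, "d_port": 5900},
    "ssh_probe":         {"src": ATTACKER, "s_port": 31337, "dst": ME, "d_port": 22},
}


def compare(name: str) -> tuple[str, str]:
    """Verdict of the first and second rulesets for one named sample packet."""
    pkt = PACKETS[name]
    return evaluate(FIRST_RULESET, pkt), evaluate(SECOND_RULESET, pkt)


if __name__ == "__main__":
    for name in PACKETS:
        first, second = compare(name)
        print(f"{name:20} first: {first:5}  second: {second}")
```

Running it shows why the second table is tighter: the blanket ">=1024" rule in the first table lets any outside host open a connection to any unprivileged port on the PC (the VNC probe is allowed), while the second table denies it. It also shows the limit of a stateless rule keyed on source port: the same probe sent from source port 80 is allowed by the second table, because nothing records that the PC never asked for that "reply". A stateful (connection-tracking) firewall is what closes that gap. Note too that neither table carries the VNC rule the original poster needs, and that the rules name no protocol; DNS, for one, normally runs over UDP, so a TCP-only rule for port 53 would not cover it.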

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.