Having looked and not found, I'm asking here:

Is there any place where I can find a general ruleset for a firewall?

And, moreover, while many howtos mention how to specify a rule for a 
ruleset, they do not specify *what* rules are good/bad/ugly, etc.

For instance:

Even though packets coming from an FTP port are allowed (supposedly to 
allow FTP downloads...), apt-get is unable to function properly.

Moreover, I have no idea what a 'good', reasonably secure ruleset to 
simply allow FTP requests from my machine (such as those made by an FTP 
client on my machine, apt-get, etc.) looks like.  And, in my case, I 
have incoming FTP disabled, but is there a way to block packets at the 
firewall (from people requesting FTP services on my computer), while 
allowing my FTP requests to go unhindered?

In fact, I couldn't really find any good information on general firewall 
construction.  I could find information on how to set a rule for the 
firewall; but now I need to find information on *what* kind of rules are 
good, and why (and what is bad, and why).

Another example:  From what I understand, all TCP/UDP ports above 1024 
are 'user' ports, and have no services attached to them.  What kind of 
possible security problems/other risks are involved by having these 
ports essentially 'open' to the world?  What is the tradeoff with 
closing them off?

For my particular situation, the computer is connected directly to the 
internet on a campus network.  I want to be able to have a good 'basic' 
firewall ruleset that will allow me to do my normal tasks as though 
there were no firewall active, yet filter out all incoming connection 
requests (such as telnet, ftp, etc.).  I'm running kernel 2.4.0-test9; I 
have iptables figured out and can apply rulesets just fine.  It's 
knowing what rules make sense and what ones don't that I need help on.

I'm more interested in learning how to create a good firewall than 
simply having one.  (So I can make one from scratch should I ever have a 
specific need).

Thanks for any help offered.  I hope I didn't run in too many circles!

-Troy
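As an added illustration that is not part of Troy's post or of any reply on the list, the script below sketches the kind of 'basic' ruleset the question asks for: a stateful iptables policy that lets the host's own outbound connections (and their replies) through while dropping every unsolicited inbound connection request. It assumes a 2.4-era netfilter with the `state` match and the `ip_conntrack_ftp` helper available, leaves OUTPUT open as the post wants, and applies nothing to the kernel unless run with `--apply`; the `IPT` dry-run switch is a convenience invented for this example.

```shell
#!/bin/sh
# Added illustration (not from the original post): a minimal stateful iptables
# ruleset for a single host plugged straight into a hostile network, such as
# the campus LAN the poster describes.
# Assumptions (not stated in the post): the "state" match and the FTP
# connection-tracking helper are available, as they are on 2.4-series kernels.
# Set IPT to "echo iptables" to print the rules instead of applying them.

IPT="${IPT:-iptables}"

# emit_rules builds the whole policy through $IPT. Keeping it in a function
# means the rule list can be reviewed (IPT="echo iptables") before it is
# ever loaded into the live kernel.
emit_rules() {
    # Start clean. Inbound defaults to DROP; outbound is left open because
    # the poster wants client programs (apt-get, ftp, ssh) to work unhindered.
    $IPT -F INPUT
    $IPT -P INPUT DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -P FORWARD DROP

    # Loopback traffic is local to the machine and trusted.
    $IPT -A INPUT -i lo -j ACCEPT

    # The stateful core. Replies to connections this host opened are
    # ESTABLISHED; the server-initiated data channel of active-mode FTP is
    # RELATED once the ip_conntrack_ftp helper is loaded. This single rule is
    # what lets apt-get work without opening any port to the outside.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # A TCP packet that is not a SYN yet matches no tracked connection is a
    # stray or a probe, not a legitimate reply: drop it explicitly.
    $IPT -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

    # Keep basic reachability diagnostics working.
    $IPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

    # Everything else falls through to the INPUT policy. That includes every
    # NEW inbound connection, whether to telnet/ftp or to the unprivileged
    # ports above 1024: those ports are "closed" to the world, while the same
    # ports still carry replies to our own outbound sessions thanks to the
    # ESTABLISHED rule above.
}

case "${1:-}" in
    --apply) emit_rules ;;                      # load into the running kernel
    --show)  IPT="echo iptables" emit_rules ;;  # dry run: print the commands
esac
```

Run `sh firewall.sh --show` to read the eight commands it would issue, and `--apply` as root to load them. On a 2.4 kernel, `modprobe ip_conntrack_ftp` must be done first for active-mode FTP data connections to be classified RELATED; passive-mode FTP needs no helper, because the client opens the data connection itself and the reply is simply ESTABLISHED. The answer to the "ports above 1024" question falls out of the structure: with a DROP policy and a state rule, a high port is never reachable from outside unless this host started a conversation on it.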
