On Fri, 22 Aug 2003, Keith wrote:
> Firewalls are your friend. These days they are so cheap, even for home
> use, that there is no reason not to have one. It is in your best
> interest to have one, set up an inbound default policy of DENY for at
> least all privileged ports and only open up those that you absolutely
> need. Then, if you get hacked, it would be easier to determine the
> vulnerable service.
>
Good advice, but do you know of any of the cheaper home units (SMC, Netgear, Siemens, D-Link, Linksys, etc.) that can actually be configured with default DENY? Every one I have seen is default allow and you block from there. You can block various things like IRC and SMTP, but you have to do it manually. I have a few floppy Linux routers that I mess with that are default DENY, but they each have disadvantages too.

A cheap self-contained router/firewall that had the ability to default deny, block by IP and range, block by DNS name, and block by time period would be great. While I'm dreaming, I'd also like the ability of limiting the services forwarding function to specific IPs instead of the firewall blindly forwarding selected ports over to another machine; like now I forward ssh port 22 to my Linux machine but have to maintain specific rules on that machine of where I can connect from, same with port 80 to a second machine.

Can anyone think of more? :)
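
The default-DENY policy and source-restricted port forwards discussed in this message, written for a Linux router as a script that prints an iptables-restore ruleset. This is an added example, not part of the original message; the interface names, internal hosts and allowed source addresses are constructed placeholders.

```shell
# Constructed values (assumptions, not from the thread); SSH_FROM uses documentation ranges.
WAN_IF=eth0              # Internet-facing interface
LAN_IF=eth1              # home LAN interface
SSH_HOST=192.168.1.10    # Linux machine receiving forwarded port 22
WEB_HOST=192.168.1.20    # second machine receiving forwarded port 80
SSH_FROM="198.51.100.7 203.0.113.0/24"
WEB_FROM="0.0.0.0/0"     # web server stays reachable from anywhere

# dnat PORT HOST SRC...: rewrite the destination only for listed sources
dnat() {
    port=$1; host=$2; shift 2
    for src in "$@"; do
        echo "-A PREROUTING -i $WAN_IF -s $src -p tcp --dport $port -j DNAT --to-destination $host:$port"
    done
}
# allow PORT HOST SRC...: matching hole in the default-DROP FORWARD chain
allow() {
    port=$1; host=$2; shift 2
    for src in "$@"; do
        echo "-A FORWARD -i $WAN_IF -o $LAN_IF -s $src -d $host -p tcp --dport $port -j ACCEPT"
    done
}
# gen_ruleset: print an iptables-restore ruleset on stdout
gen_ruleset() {
    # $SSH_FROM / $WEB_FROM are left unquoted on purpose: one rule per source
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
$(dnat 22 "$SSH_HOST" $SSH_FROM)
$(dnat 80 "$WEB_HOST" $WEB_FROM)
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $LAN_IF -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT
$(allow 22 "$SSH_HOST" $SSH_FROM)
$(allow 80 "$WEB_HOST" $WEB_FROM)
COMMIT
EOF
}
gen_ruleset
```

Review the printed ruleset before loading it; as root, piping the script's output into `iptables-restore` applies it in one step.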