Here is a suggestion for basic firewall setup:

Always have a base rule or policy that is set to deny or drop any source
to any destination using any service/port.  Then add rules or policies
above the basic deny policy (typically referred to as a stealth rule) to
specifically allow only the transactions that you need.

EX:

Source    Destination    Service/Port    Action
------    -----------    ------------    ------
any       mail_server    smtp            accept
any       any            any             drop

The stealth rule is critical for incoming packets, but it may not be 
necessary for outgoing packets depending on your level of trust relating 
to internal hosts or clients.

John Spencer, CCSA, SCSA, RHCE
Systems Administrator
Model Technology  --A Mentor Graphics Company
[EMAIL PROTECTED]

**Opinions expressed here do not necessarily express the opinions of
Mentor Graphics or its subsidiaries.


Gilles Poiret wrote:

>Hello,
>
>Most of the answers I received suggest that I set up a firewall. (My router
>seems to have this ability.)
>But a firewall to block what? Except for the router, computers can't
>be "touched" from outside the LAN, since they have private addresses.
>
>The most important risk seems to be worms, trojans, or Java and
>JavaScript applications...
>Some of the answers talk about proxies, to prevent this kind of problem.
>I can't see what improvement in security a proxy brings generally, and
>in particular in the case of worms & Co, especially with regard to a
>firewall...
>If you know the answer (or a web site about that), I'm very interested!
>
>What do you think about this configuration for the firewall's router:
>- incoming packets: SYN packets blocked (for me, useless -> private
>addresses)
>- outgoing packets: all packets blocked, except those whose
>destination is the web, smtp, or pop port. (Working context -> no irc, ....)
>Is it a useful and effective configuration?
>
>Regards,
>
>--
>Gilles Poiret
>
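The reply's rule table and the egress policy from the original question, modelled as a first-match packet filter. This is an added example written for this page, not code from either poster or from any firewall product; the addresses (192.0.2.25 as the mail server, 192.168.0.0/16 as the LAN) and the packets are constructed sample values. Besides evaluating packets top-down against the table, it includes a small check for rules that can never fire because an earlier, broader rule already matches everything they would, which is exactly what happens when the deny-all is placed above the accepts instead of below them.

```python
"""First-match packet-filter model: explicit accepts above a final deny-all.

Added example, not from the list post.  Addresses and ports are constructed
sample values; the inbound table mirrors the one in the reply above and the
outbound table mirrors the egress policy proposed in the original question.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    src: str      # "any" or a CIDR block
    dst: str      # "any" or a CIDR block
    service: str  # "any" or "<proto>/<port>", e.g. "tcp/25"
    action: str   # "accept" or "drop"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int


def _addr_matches(spec: str, addr: str) -> bool:
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)


def _service_matches(spec: str, pkt: Packet) -> bool:
    if spec == "any":
        return True
    proto, port = spec.split("/")
    return pkt.proto == proto and pkt.dport == int(port)


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Walk the table top-down; the first matching rule decides.

    Returns (action, index of the deciding rule).  If nothing matches the
    packet is still dropped: the table should end in an explicit deny-all,
    but the fallback is the same so a missing last rule fails closed.
    """
    for i, rule in enumerate(rules):
        if (_addr_matches(rule.src, pkt.src)
                and _addr_matches(rule.dst, pkt.dst)
                and _service_matches(rule.service, pkt)):
            return rule.action, i
    return "drop", None


def _addr_covers(broad: str, narrow: str) -> bool:
    """True if every address matched by `narrow` is also matched by `broad`."""
    if broad == "any":
        return True
    if narrow == "any":
        return False
    return ip_network(narrow, strict=False).subnet_of(ip_network(broad, strict=False))


def _service_covers(broad: str, narrow: str) -> bool:
    return broad == "any" or broad == narrow


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule already
    matches everything they would.  A deny-all placed above the accepts
    shadows every accept below it; that is the ordering the reply warns
    against."""
    shadowed = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if (_addr_covers(earlier.src, later.src)
                    and _addr_covers(earlier.dst, later.dst)
                    and _service_covers(earlier.service, later.service)):
                shadowed.append(j)
                break
    return shadowed


MAIL_SERVER = "192.0.2.25/32"   # constructed sample address
LAN = "192.168.0.0/16"          # constructed sample internal range

# Inbound: the table from the reply, the single accept above the deny-all.
INBOUND = [
    Rule("any", MAIL_SERVER, "tcp/25", "accept"),
    Rule("any", "any", "any", "drop"),
]

# Outbound: the egress policy from the question (web, smtp, pop), deny-all last.
OUTBOUND = [
    Rule(LAN, "any", "tcp/80", "accept"),
    Rule(LAN, "any", "tcp/443", "accept"),
    Rule(LAN, "any", "tcp/25", "accept"),
    Rule(LAN, "any", "tcp/110", "accept"),
    Rule("any", "any", "any", "drop"),
]

if __name__ == "__main__":
    samples = [
        ("inbound smtp to mail server", INBOUND, Packet("203.0.113.7", "192.0.2.25", "tcp", 25)),
        ("inbound ssh to mail server", INBOUND, Packet("203.0.113.7", "192.0.2.25", "tcp", 22)),
        ("outbound web from LAN", OUTBOUND, Packet("192.168.1.10", "198.51.100.80", "tcp", 80)),
        ("outbound irc from LAN", OUTBOUND, Packet("192.168.1.10", "198.51.100.6", "tcp", 6667)),
    ]
    for label, table, pkt in samples:
        print(f"{label}: {evaluate(table, pkt)}")
    # Same two rules, deny-all first: the accept is unreachable.
    print("shadowed in misordered table:", shadowed_rules([INBOUND[1], INBOUND[0]]))
```

Real firewalls add state (a reply to an accepted outbound connection is let back in without a separate inbound rule), which this model leaves out; what it does show is why the order of the accepts relative to the deny-all matters and why the table should fail closed when nothing matches.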
