Hi!

First of all, make a design of your firewall. If it's a high-risk fw, I
recommend the "default deny" approach. This means blocking everything that comes
into your box (from WAN in) except to ports you explicitly allow. This leads
to modifying rules every time you or any user needs to open another port.
But this is the safest way.
If you do not need such a strong fw, then run the command: netstat -a. It will
tell you the ports on which your box is listening. Close them if you don't need
them. They depend on the installation of services, so you can even deinstall
the service (recommended).
So you see; you have to build your own fw. Of course there are some ports
(rpc(111) for example) that you want to log. Rules for those ports must be
explicitly stated, even if there is no service listening on them.
There are also some rules, not related to ports, that I usually have:
* block all spoofing of private Internet addresses from the WAN (192.168/16,
172.16/12, 10/8, 127/8, 255.255.255.255/32)
* block packets with IP options
* block IP fragments which are so short that the rules won't be able to examine
the whole header
* block all packets with the FIN, URG and PSH flags on (OS fingerprinting)
* block ICMP traffic (on special request for ping or traceroute, let packets
with icmp-type 8 out and packets with icmp-type 0 and 3 in)
...
There are some more options, but I cannot write them all here.
To start, try to read some how-tos on the Net. Maybe start with this one:
http://www.obfuscation.org/ipf/ipf-howto.txt. It is just for IP Filter, but
it is good for understanding. I bet there are others too, but I used to work
with IP Filter (on OpenBSD 2.9 it was still there), so I'm used to that one.

--
          aleksander zejn, Zejn d.o.o.,
          www.security-solutions.info

----- Original Message -----
From: "Clint Goodwin" <[EMAIL PROTECTED]>
To: "security-basics" <[EMAIL PROTECTED]>
Sent: Sunday, March 17, 2002 11:46 AM
Subject: Help With firewall ports


> Hi all,
>
>     I was wondering what would be a good list of ports to block at my
> firewall.
>     I have some of the most common ones covered, however I don't have
> a lot of experience with firewalls yet.
>     Can someone point me to a good resource or even provide me with a
> list to help me get started.
>
> Thanks in advance
>
> Clint Goodwin
>

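The rules described in the reply above, written out as an IP Filter ruleset. This is an added example, not code from the original mail or from the IP Filter project. It assumes (none of this is in the mail) that the WAN interface is xl0, that ssh on tcp/22 is the one service that should be reachable from outside, and that the file is saved as /etc/ipf.conf; every other inbound packet from the WAN is dropped and logged, which is the "default deny" design the reply recommends.

```conf
# Added example (not from the original mail): IP Filter ruleset for a
# single-homed box with a "default deny" policy on the WAN side.
# Assumptions: WAN interface is xl0; ssh (tcp/22) is the only service
# exposed to the WAN; file lives at /etc/ipf.conf.
# All rules use "quick" (first match wins), so order matters.

# loopback is always trusted
pass in  quick on lo0 all
pass out quick on lo0 all

# --- anti-spoofing: private, loopback and broadcast source addresses
#     can never legitimately arrive from the WAN
block in log quick on xl0 from 192.168.0.0/16     to any
block in log quick on xl0 from 172.16.0.0/12      to any
block in log quick on xl0 from 10.0.0.0/8         to any
block in log quick on xl0 from 127.0.0.0/8        to any
block in log quick on xl0 from 255.255.255.255/32 to any

# --- packets carrying IP options (source routing, record route, ...)
block in log quick on xl0 all with ipopts

# --- fragments too short to contain the whole transport header,
#     which the port/flag rules below could not examine
block in log quick on xl0 all with short

# --- TCP segments with FIN, URG and PSH all set: "Xmas" style
#     OS-fingerprinting probes, never legitimate traffic
block in log quick on xl0 proto tcp from any to any flags FUP/FUP

# --- ICMP: echo request out, echo reply and unreachable in,
#     everything else dropped in both directions
pass  out quick on xl0 proto icmp from any to any icmp-type 8 keep state
pass  in  quick on xl0 proto icmp from any to any icmp-type 0
pass  in  quick on xl0 proto icmp from any to any icmp-type 3
block in  log quick on xl0 proto icmp all
block out log quick on xl0 proto icmp all

# --- ports with no listener that we still want logged explicitly
#     (portmapper / rpc, tcp and udp 111)
block in log quick on xl0 proto tcp from any to any port = 111
block in log quick on xl0 proto udp from any to any port = 111

# --- explicitly allowed inbound services; this is the list that gets
#     edited whenever another port has to be opened
pass in quick on xl0 proto tcp from any to any port = 22 flags S keep state

# --- default deny for everything else arriving from the WAN
block in log quick on xl0 all

# --- our own outbound connections are allowed; "keep state" lets the
#     replies back in without any further "pass in" rule
pass out quick on xl0 proto tcp  all flags S keep state
pass out quick on xl0 proto udp  all keep state
pass out quick on xl0 all
```

Check the syntax without touching the running kernel with `ipf -n -f /etc/ipf.conf`, load it with `ipf -Fa -f /etc/ipf.conf` (the `-Fa` flushes the old rules first), review the loaded rules with `ipfstat -io`, and watch what the `log` rules catch with `ipmon`. Because the inbound pass rules all carry `quick`, anything not explicitly passed falls through to the `block in log quick on xl0 all` rule, which is what makes the policy "default deny" rather than a port blacklist.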