Firewall: Difference between revisions
No edit summary |
No edit summary |
||
| Line 6: | Line 6: | ||
; # : Block all by default | ; # : Block all by default | ||
; # : Allow rules only as required | ; # : Allow rules only as required | ||
For example, if you have blocked all by default, first you will want to try to resolve [[DNS]] I'm sure. So you will need to start a packet sniffer ([[tcpdump]], [[ethereal]], [[snoop]]) and watch the packets trying to leave and come in. In another window, type "host yashy.com" to try and resolve my DNS. As you should see, you need to allow [[port]] 53.. but was that [[TCP]] or [[UDP]]? You not only want to only allow that port, you may as well include the protocol as well. Once you have modified your firewall ruleset so that "host yashy.com" actually resolves and returns an IP address, try to use your browser to get there. As you will see, now you need to create a TCP rule for outbound port 80. Eventually you'll have a very decent firewall. | For example, if you have blocked all by default, first you will want to try to resolve [[DNS]] I'm sure. So you will need to start a packet sniffer ([[tcpdump]], [[ethereal]], [[snoop]]) and watch the packets trying to leave and come in. In another window, type "host yashy.com" to try and resolve my DNS. As you should see, you need to allow [[port]] 53.. but was that [[TCP]] or [[UDP]]? You not only want to only allow that port, you may as well include the protocol as well. Once you have modified your firewall ruleset so that "host yashy.com" actually resolves and returns an IP address, try to use your browser to get there. As you will see, now you need to create a TCP rule for outbound port 80. Eventually you'll have a very decent firewall. | ||
Revision as of 05:23, 24 October 2005
A Firewall is an extension to an Operating System that allows one to create policies for Internet protocols in order to deny content that is deemed illegal or harmful. Firewalls are most common to work on OSI layers 3 and 4. Commercial firewalls often inspect higher layers than 3 and 4, for example SMTP content (RFC 2821 and 2822). Firewalls cannot inspect encrypted protocols (see cryptography) unless they have been given the secret key.
My recommended process for installing a firewall is:
- #
- Block all by default
- #
- Allow rules only as required
For example, if you have blocked all by default, first you will want to try to resolve DNS I'm sure. So you will need to start a packet sniffer (tcpdump, ethereal, snoop) and watch the packets trying to leave and come in. In another window, type "host yashy.com" to try and resolve my DNS. As you should see, you need to allow port 53.. but was that TCP or UDP? You not only want to only allow that port, you may as well include the protocol as well. Once you have modified your firewall ruleset so that "host yashy.com" actually resolves and returns an IP address, try to use your browser to get there. As you will see, now you need to create a TCP rule for outbound port 80. Eventually you'll have a very decent firewall.
Firewalls for UNIX
- pf
- A stateful firewall written by Daniel Hartmeier for OpenBSD. Has been ported to all BSD's. pf has a nice logging mechanism that one can view with tcpdump.
- ipf
- IP Filter available in a number of UNIX OS's. Written by Darren Reed.
- Checkpoint
- Expensive commercial firewall runs on Solaris. Written in Israel.
Firewalls for Windows
A common free firewall for Windows that blocks all of your ports is zone alarm. Checkpoint Firewall also works on Windows.
