Hey guys,
Building my first firewall with IBM Firewall 3.1. I'm aware it's old
and boring, but it works - sort of.
ALL of the default rules assume that the firewall machine has only two
NICs - a secure and an insecure. I'm building it with three NICs - we
need a DMZ. Unfortunately, this means that I have to rewrite every rule
and discard the defaults.
So, what I'm looking for is some manner of reference that will detail
each service, and what connections need to be allowed. For example:
Telnet: TCP out, random port, to port 23 on remote system.
        TCP/ACK in, random port, from port 23 on remote system.
Web:    TCP out, random port, to port 80 on remote system.
        TCP in, random port, from port 80 on remote system.
Also on a slightly bizarre note - IBM Firewall needs FOUR rules to
allow a telnet connection. For some reason (is this different, or am I
naive?) it wants a rule for the DMZ interface to RECEIVE the TCP-out
packet, a rule for the insecure interface to retransmit to the final
destination, a rule for the insecure to receive the ACK, and a rule for
the DMZ interface to retransmit the ACK to the client machine.
I find this a bit bizarre.
I'm aware that the way I'm going about things is wrong from the
perspective of a "complete" security solution (no rants, please - I'm
aware of the idiocy of this statement). I'm just building a "better"
security plan for now, with stages two and three gradually tightening my
control over traffic. For now, telnet etc. have to be allowed to
placate everyone.
But, I digress.
Is there a resource such as this? Telnet is fine, and works now - same
with DNS and web. However, when we move into ADSM (for offsite backups)
and ICQ, etc., it'll get more difficult. Is this available, or should I
be tossing out some HTML as I go?
Cheers,
- Drew.
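An added example, not from the original post or from IBM Firewall itself, that models the four-rule pattern described above for a three-NIC box: one client-side service (proto, server port) expands into a receive and a send rule on each of the two interfaces a connection crosses, with the return leg gated on the TCP ACK flag. The interface names "dmz" and "insecure", the ephemeral port range and the small service catalogue are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import List

EPHEMERAL = range(1024, 65536)  # the client's "random port" (assumed range)
# Constructed service catalogue in the shape the post asks for: (proto, server port).
SERVICES = {"telnet": ("tcp", 23), "web": ("tcp", 80), "dns": ("udp", 53)}


@dataclass(frozen=True)
class Rule:
    iface: str          # "dmz" or "insecure" (assumed names for the two NICs involved)
    direction: str      # "recv": packet arrives on iface; "send": forwarded out of iface
    proto: str
    src_ports: range
    dst_ports: range
    ack_required: bool  # the "TCP/ACK in" leg: only packets with ACK set may come back


@dataclass(frozen=True)
class Packet:
    iface: str
    direction: str
    proto: str
    src_port: int
    dst_port: int
    ack: bool


def client_rules(proto: str, port: int, inside: str = "dmz", outside: str = "insecure") -> List[Rule]:
    """Expand one client-side service into the four per-interface rules the post lists."""
    server = range(port, port + 1)
    # UDP has no ACK flag, so a DNS reply cannot be tied to an earlier request this
    # way: the return leg for UDP services stays open to any packet from port 53.
    req = dict(proto=proto, src_ports=EPHEMERAL, dst_ports=server, ack_required=False)
    rep = dict(proto=proto, src_ports=server, dst_ports=EPHEMERAL, ack_required=(proto == "tcp"))
    return [
        Rule(inside, "recv", **req),   # 1. DMZ NIC receives the client's outbound packet
        Rule(outside, "send", **req),  # 2. insecure NIC retransmits it to the destination
        Rule(outside, "recv", **rep),  # 3. insecure NIC receives the reply (ACK must be set)
        Rule(inside, "send", **rep),   # 4. DMZ NIC retransmits the reply to the client
    ]


def build_ruleset(services=SERVICES) -> List[Rule]:
    return [r for proto, port in services.values() for r in client_rules(proto, port)]


def permitted(rules: List[Rule], pkt: Packet) -> bool:
    """Default deny: the packet passes only if some rule matches every field."""
    return any(r.iface == pkt.iface and r.direction == pkt.direction and r.proto == pkt.proto
               and pkt.src_port in r.src_ports and pkt.dst_port in r.dst_ports
               and (pkt.ack or not r.ack_required) for r in rules)
```

Running `permitted` over a few constructed packets shows why the ACK check on leg 3 matters: a reply from port 23 with ACK set passes, while a fresh packet from port 23 without ACK, or any packet to port 23 arriving on the insecure NIC, is dropped.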