I was under the impression that the "stealth rule" was to have anything going directly to your Firewall dropped, therefore making your FW's address a "black hole". It never answers anything, except what you specifically allow for management purposes.

The rule you describe was always referred to as a "clean up" rule, to clean up (deny) anything not specifically addressed (allowed) within your rulebase.

The other thing I would recommend to Gilles would be to not depend on a router to do the job of a firewall if the data you are protecting is important. If it is trivial, no problem, but a router as FW is usually only a packet filter based on IP address. It is trivial to spoof an IP address.

HTH
Nick

On Fri, 2002-01-04 at 12:47, John Spencer wrote:
> Here is a suggestion for basic firewall setup:
>
> Always have a base rule or policy that is set to deny or drop any source
> to any destination using any service/port. Then add rules or policies
> above the basic deny policy (typically referred to as a stealth rule) to
> specifically allow only the transactions that you need.
>
> EX:
>
> Source    Destination    Service/Port    Action
>
> any       mail_server    smtp            accept
> any       any            any             drop
>
> The stealth rule is critical for incoming packets, but it may not be
> necessary for outgoing packets depending on your level of trust relating
> to internal hosts or clients.
>
> John Spencer, CCSA, SCSA, RHCE
> Systems Administrator
> Model Technology --A Mentor Graphics Company
> [EMAIL PROTECTED]
>
> **Opinions expressed here do not necessarily express the opinions of
> Mentor Graphics or its subsidiaries.
>
> Gilles Poiret wrote:
>
> >Hello,
> >
> >Most of the answers I received suggest that I set up a firewall. (My router
> >seems to have this ability.)
> >But a firewall to block what? Except for the router, computers can't
> >be "touched" from outside of the LAN, since they have private addresses.
> >
> >The most important risk seems to be about worms, trojans, or java and
> >javascript applications...
> >Some of the answers talk about proxies, to prevent this kind of problem.
> >I can't see what improvement of security a proxy brings generally, and
> >in particular in the case of worms & Co, especially with regard to a
> >firewall...
> >If you know the answer (or a web site about that), I'm very interested!
> >
> >What do you think about this configuration, for the firewall's router:
> >- incoming packets: SYN packets blocked (for me, useless -> private
> >addresses)
> >- outgoing packets: every packet blocked, except those where the
> >destination is a web, smtp or pop port. (Working context -> no irc, ....)
> >Is it a useful and effective configuration?
> >
> >Regards,
> >
> >--
> >Gilles Poiret

--
Nick
Network Security Consultant
CISSP, CCSI, MCSE, CCNA
Lucent Technologies/NPS
Raleigh, NC
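The rule ordering the thread argues about (management access to the firewall placed above the stealth rule, then the explicit allows, then the clean-up rule at the bottom) as a first-match rulebase simulation. This is an added example, not code from anyone in the thread; the addresses, the "ssh" management service and the rule names are constructed for illustration, and the swapped rulebase at the end shows what happens when the stealth rule is placed above the management allow.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network

# Constructed documentation-range addresses; not from the thread.
FIREWALL = ip_network("192.0.2.1/32")      # the firewall's own address
MAIL_SERVER = ip_network("192.0.2.25/32")  # John's "mail_server"
ADMIN_HOST = ip_network("198.51.100.10/32")  # the only host allowed to manage the FW
ANY = ip_network("0.0.0.0/0")


@dataclass
class Rule:
    name: str
    src: IPv4Network
    dst: IPv4Network
    service: str   # "any" or a service name such as "smtp"
    action: str    # "accept" or "drop"

    def matches(self, src: str, dst: str, service: str) -> bool:
        return (ip_address(src) in self.src
                and ip_address(dst) in self.dst
                and self.service in ("any", service))


# Rulebase in the order the thread describes: management access first,
# then the stealth rule (nothing else may talk to the firewall itself),
# then the explicit allows, and the clean-up rule last.
RULEBASE = [
    Rule("mgmt-ssh", ADMIN_HOST, FIREWALL, "ssh", "accept"),
    Rule("stealth", ANY, FIREWALL, "any", "drop"),
    Rule("inbound-smtp", ANY, MAIL_SERVER, "smtp", "accept"),
    Rule("clean-up", ANY, ANY, "any", "drop"),
]

# Same rules with the stealth rule above the management allow: the
# admin host is now black-holed along with everyone else.
SWAPPED = [RULEBASE[1], RULEBASE[0]] + RULEBASE[2:]


def evaluate(rulebase, src: str, dst: str, service: str):
    """First-match evaluation, as a stateless packet filter does it.
    Returns (action, rule name); the clean-up rule guarantees a match."""
    for rule in rulebase:
        if rule.matches(src, dst, service):
            return rule.action, rule.name
    raise ValueError("rulebase has no clean-up rule; nothing matched")
```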