-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

You should block ALL private IP ranges, both ingress and egress, on your firewall. This includes 192.168.0.0/16 and 172.16.0.0/12 as well as 10.0.0.0/8.

Other good things to block:
Internal IPs on the external interface
127.0.0.0/8 (loopback) on internal or external interfaces

You could also filter ICMP inbound and outbound.

Also, make sure to only allow the necessary inbound/outbound ports. A good rule of thumb is that which is not explicitly allowed should be denied.

This is by no means a comprehensive list of things to filter, but it's a good starting set.

- -Mike

- -----Original Message-----
From: Erick Arturo Perez Huemer [mailto:[EMAIL PROTECTED]]
Sent: Saturday, November 23, 2002 12:28 AM
To: [EMAIL PROTECTED]
Subject: Basic rules for IPTABLES protection

I am about to install a RedHat 8.0 box with iptables to act as our firewall for our internal network, which consists of 20 machines. Besides doing a -j DROP on our external interface when it receives a packet with a source equal to our internal network, what other measures do we have to take? We do host an SMTP server but nothing else.

I have read about blocking 10.x.x.x addresses but also read that "some" routers/sites use those addresses.

Any anti-DoS rules? More settings? Or maybe a link to a site that offers suggestions for proper firewall configurations....

Thanks in advance,
Erick.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBPeKlcC76iJsaBRvcEQJo7ACgiHb0SiP3rSd1GKhPFiAcSMyuE98AniUc
gOFlS+5ZAUFPC9YDf+33tLpr
=YYwj
-----END PGP SIGNATURE-----
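The rule set Mike sketches above (default deny, drop RFC 1918 and loopback sources on the outside, drop private destinations going out, filter rather than kill ICMP, open only SMTP) written out as an iptables script. This is an added example, not code from either poster. Everything concrete in it is an assumption for illustration: external interface eth0, internal interface eth1, a LAN of 192.168.1.0/24, and the SMTP server running on the firewall host itself. By default the script only prints the commands it would run; set IPT=iptables and run it as root to apply them.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed layout: eth0 = Internet, eth1 = LAN,
# LAN_NET = 192.168.1.0/24, SMTP listens on the firewall itself.
# IPT defaults to "echo iptables" so a plain run prints the rules instead of applying them.

IPT="${IPT:-echo iptables}"
EXT_IF="${EXT_IF:-eth0}"
INT_IF="${INT_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# The RFC 1918 ranges named in the reply.
PRIVATE_NETS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

flush() {
    $IPT -F
    $IPT -X
    $IPT -t nat -F
    # "What is not explicitly allowed is denied": default-deny on every chain.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP
}

anti_spoof() {
    # Ingress: nothing arriving from the Internet can legitimately carry a private,
    # loopback, or our-own-LAN source address (the latter is Erick's own rule).
    for net in $PRIVATE_NETS 127.0.0.0/8 "$LAN_NET"; do
        $IPT -A INPUT   -i "$EXT_IF" -s "$net" -j DROP
        $IPT -A FORWARD -i "$EXT_IF" -s "$net" -j DROP
    done
    # Egress: never send packets to private or loopback destinations out the external
    # interface. Match on DESTINATION here: the filter table sees the LAN's private
    # source address before SNAT rewrites it, so matching on source would break NAT.
    for net in $PRIVATE_NETS 127.0.0.0/8; do
        $IPT -A OUTPUT  -o "$EXT_IF" -d "$net" -j DROP
        $IPT -A FORWARD -o "$EXT_IF" -d "$net" -j DROP
    done
    # Loopback addresses belong only on lo, on either interface.
    $IPT -A INPUT ! -i lo -s 127.0.0.0/8 -j DROP
    $IPT -A INPUT ! -i lo -d 127.0.0.0/8 -j DROP
}

allow_services() {
    $IPT -A INPUT  -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
    # Drop packets conntrack cannot classify, accept replies to connections we opened.
    for chain in INPUT FORWARD OUTPUT; do
        $IPT -A "$chain" -m state --state INVALID -j DROP
        $IPT -A "$chain" -m state --state ESTABLISHED,RELATED -j ACCEPT
    done
    # The one hosted service: inbound SMTP, with a SYN rate limit as a cheap brake
    # on connection floods (excess SYNs fall through to the default DROP).
    $IPT -A INPUT -i "$EXT_IF" -p tcp --dport 25 --syn \
        -m limit --limit 10/s --limit-burst 30 -j ACCEPT
    # LAN hosts may open connections to the Internet and to the firewall itself.
    $IPT -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$LAN_NET" -m state --state NEW -j ACCEPT
    $IPT -A INPUT   -i "$INT_IF" -s "$LAN_NET" -m state --state NEW -j ACCEPT
    # The firewall may originate its own connections (DNS, outbound mail, updates).
    $IPT -A OUTPUT -o "$EXT_IF" -m state --state NEW -j ACCEPT
    $IPT -A OUTPUT -o "$INT_IF" -m state --state NEW -j ACCEPT
    # Masquerade the LAN; the nat table only rewrites, filtering stays in the rules above.
    $IPT -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN_NET" -j MASQUERADE
}

icmp_policy() {
    # Filter ICMP rather than drop it wholesale: keep the error types TCP depends on
    # (destination-unreachable for PMTU discovery, time-exceeded) and rate-limit pings.
    # Everything else (redirects, timestamp requests, ...) hits the default DROP.
    $IPT -A INPUT -p icmp --icmp-type destination-unreachable -j ACCEPT
    $IPT -A INPUT -p icmp --icmp-type time-exceeded -j ACCEPT
    $IPT -A INPUT -p icmp --icmp-type echo-request \
        -m limit --limit 1/s --limit-burst 5 -j ACCEPT
}

# Order matters: spoofed sources must be dropped before the ESTABLISHED accept.
build_ruleset() {
    flush
    anti_spoof
    allow_services
    icmp_policy
}

build_ruleset
```

One caveat Erick's question already hints at: if your upstream gateway or the ISP's hop routers sit in private space (check the next hop with a traceroute before enabling this), the egress `-d 10.0.0.0/8` style rules will drop traffic and ICMP errors you actually need, so loosen those for the specific peer rather than dropping the anti-spoof rules altogether. The `-m state` match is what RedHat 8.0's iptables shipped with; current kernels still accept it as an alias for `-m conntrack --ctstate`.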
