Firewalls: Re: internal filtering router

Firewalls
(January 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: internal filtering router - filter config?
From:	Chip Rosenthal <chip @ unicom . com>
Date:	Fri, 3 Jan 1997 12:03:19 -0600 (CST)
To:	Firewalls @ GreatCircle . COM
Cc:	makoski @ future . dreamscape . com
In-reply-to:	<199701030900 . BAA03967 @ miles . greatcircle . com> from "Firewalls-Digest" at Jan 03, 1997 01:00:39 AM

> From: Steve Matkoski <makoski @
 future .
 dreamscape .
 com>
> Subject: internal filtering router - filter config?
> 
> What type of things would you filter on the internal router? or even
> the external router? I am going to be installing a firewall real soon
> and would really appreciate any help.

Unless I misunderstand, I think you ought to be asking what should
be *allowed* rather than what should be filtered.  Most people here
would advocate a "deny unless specifically permitted" stance in
your filter rules.

If you don't already have a firewall book, the Chapman & Zwicky book
does a pretty good job on this stuff.  They give a lot of attention
to configuring the filter on a service-by-service basis.

-- 
Chip Rosenthal * Unicom Systems Development * <chip @
 unicom .
 com>
URL: http://www.unicom.com/ * 4868D8BE10C86BDE 6017000BA783998E 
Helmet good.  Law bad.

Indexed By Date	Previous:	Re: Securing a LAN From: "William M. Perry" <wmperry @ aventail . com>
Indexed By Date	Next:	RE: The Looong Reach of US Crypto-Export Controls From: "Stout, Bill" <bill . stout @ hidata . com>
Indexed By Thread	Previous:	internal filtering router - filter config? From: Steve Matkoski <makoski @ future . dreamscape . com>
Indexed By Thread	Next:	Re: internal filtering router - filter config? From: Ricardo Alvarado <ralvarado @ avantel . com . mx>