Solved

Firewall setup scritp on Efficien Networks Router model # 5851

Posted on 2004-08-10
1
232 Views
Last Modified: 2013-11-16
Hi, we have SDSL running on our company network, we are running IIS (web server) POP3 and SMTP (email server) DNS and few other standard web hosting futures. The original setting in this router have only 4 setting, either firewall is OFF or any other setting wont allowed to pass traffic trough for our server. I never had chance to set up this router and firewall so if any one could help us to write script so it would allow for our servers to work on this network and blow rest or the junk ( we getting a lot of addware, spyware and other junk, pop ups on server) we would really appreciated. I am posting script what this router has for maximum security, you can edit and email it back to me (yuriy@hulanetworks.com ) or post here so I could copy.

Here is the script:
# Maxsec Firewall script - 6/7/01
# For DSL router
# Allow protocols: HTTP, HTTPS, SMTP, POP3, SNTP, Telnet,
#                  DNS, FTP (passive), L2TP, IPSec, IKE

# Flush all existing filters
remote ipfilter flush input internet
remote ipfilter flush output internet
remote ipfilter flush transmit internet
remote ipfilter flush receive internet
eth ip filter flush input 0
eth ip filter flush output 0
eth ip filter flush transmit 0
eth ip filter flush receive 0

# No incoming connections
remote ipfilter append input drop -p tcp -tcp syn internet

# HTTP
remote ipfilter append input accept -p tcp -sp 80 internet
remote ipfilter append output accept -p tcp -dp 80 internet

# HTTPS (SSL)
remote ipfilter append input accept -p tcp -sp 443 internet
remote ipfilter append output accept -p tcp -dp 443 internet

# SMTP
remote ipfilter append input accept -p tcp -sp 25 internet
remote ipfilter append output accept -p tcp -dp 25 internet

# POP3
remote ipfilter append input accept -p tcp -sp 110 internet
remote ipfilter append output accept -p tcp -dp 110 internet

# SNTP
# - allow requests and responses to the router only
#
remote ipfilter append receive accept -p udp -dp 8123 -sp 123 internet
remote ipfilter append transmit accept -p udp -dp 123 -sp 8123 internet
remote ipfilter append input accept -p udp -sp 123 internet
remote ipfilter append output accept -p udp -dp 123 internet
eth ip filter append output drop -p udp -sp 123 0
eth ip filter append output drop -p udp -dp 123 0

# Telnet
remote ipfilter append input accept -p tcp -sp 23 internet
remote ipfilter append output accept -p tcp -dp 23 internet

# DNS
remote ipfilter append input accept -p udp -sp 53 internet
remote ipfilter append output accept -p udp -dp 53 internet

# FTP
remote ipfilter append input accept -p tcp -sp 20:21 internet
remote ipfilter append output accept -p tcp -dp 20:21 internet

# L2TP
# - allow requests and responses to the router only
#
remote ipfilter append input accept -p udp -sp 1701 internet
remote ipfilter append output accept -p udp -dp 1701 internet
eth ip filter append output drop -p udp -sp 1701 0
eth ip filter append output drop -p udp -dp 1701 0

# Allow IPSec, IKE packets
remote ipfilter append input accept -p udp -sp 500 -dp 500 internet
remote ipfilter append input accept -p 50 internet
remote ipfilter append input accept -p 51 internet
remote ipfilter append output accept -p udp -sp 500 -dp 500 internet
remote ipfilter append output accept -p 50 internet
remote ipfilter append output accept -p 51 internet

# Drop all other traffic not listed above
remote ipfilter append input drop internet
remote ipfilter append output drop internet

# Watch the results
remote ipfilter watch on internet

save

0
Comment
Question by:hulanet
1 Comment
 
LVL 51

Accepted Solution

by:
ahoffmann earned 250 total points
ID: 11770344
sorry, never seen this language, but sounds liike the script misses to drop routed packets, please check your docs if 'transmit' and 'receive' are the chains for forwarded packeges first:

# No forwarded connections
remote ipfilter append receive  drop internet
remote ipfilter append transmit drop internet

> we getting a lot of addware, spyware and other junk, pop ups on server
this has nothinh to do with your firewall, you need to harden your applications on each client (mail, browser, etc.)
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now