Solved

Firewall setup scritp on Efficien Networks Router model # 5851

Posted on 2004-08-10
1
233 Views
Last Modified: 2013-11-16
Hi, we have SDSL running on our company network, we are running IIS (web server) POP3 and SMTP (email server) DNS and few other standard web hosting futures. The original setting in this router have only 4 setting, either firewall is OFF or any other setting wont allowed to pass traffic trough for our server. I never had chance to set up this router and firewall so if any one could help us to write script so it would allow for our servers to work on this network and blow rest or the junk ( we getting a lot of addware, spyware and other junk, pop ups on server) we would really appreciated. I am posting script what this router has for maximum security, you can edit and email it back to me (yuriy@hulanetworks.com ) or post here so I could copy.

Here is the script:
# Maxsec Firewall script - 6/7/01
# For DSL router
# Allow protocols: HTTP, HTTPS, SMTP, POP3, SNTP, Telnet,
#                  DNS, FTP (passive), L2TP, IPSec, IKE

# Flush all existing filters
remote ipfilter flush input internet
remote ipfilter flush output internet
remote ipfilter flush transmit internet
remote ipfilter flush receive internet
eth ip filter flush input 0
eth ip filter flush output 0
eth ip filter flush transmit 0
eth ip filter flush receive 0

# No incoming connections
remote ipfilter append input drop -p tcp -tcp syn internet

# HTTP
remote ipfilter append input accept -p tcp -sp 80 internet
remote ipfilter append output accept -p tcp -dp 80 internet

# HTTPS (SSL)
remote ipfilter append input accept -p tcp -sp 443 internet
remote ipfilter append output accept -p tcp -dp 443 internet

# SMTP
remote ipfilter append input accept -p tcp -sp 25 internet
remote ipfilter append output accept -p tcp -dp 25 internet

# POP3
remote ipfilter append input accept -p tcp -sp 110 internet
remote ipfilter append output accept -p tcp -dp 110 internet

# SNTP
# - allow requests and responses to the router only
#
remote ipfilter append receive accept -p udp -dp 8123 -sp 123 internet
remote ipfilter append transmit accept -p udp -dp 123 -sp 8123 internet
remote ipfilter append input accept -p udp -sp 123 internet
remote ipfilter append output accept -p udp -dp 123 internet
eth ip filter append output drop -p udp -sp 123 0
eth ip filter append output drop -p udp -dp 123 0

# Telnet
remote ipfilter append input accept -p tcp -sp 23 internet
remote ipfilter append output accept -p tcp -dp 23 internet

# DNS
remote ipfilter append input accept -p udp -sp 53 internet
remote ipfilter append output accept -p udp -dp 53 internet

# FTP
remote ipfilter append input accept -p tcp -sp 20:21 internet
remote ipfilter append output accept -p tcp -dp 20:21 internet

# L2TP
# - allow requests and responses to the router only
#
remote ipfilter append input accept -p udp -sp 1701 internet
remote ipfilter append output accept -p udp -dp 1701 internet
eth ip filter append output drop -p udp -sp 1701 0
eth ip filter append output drop -p udp -dp 1701 0

# Allow IPSec, IKE packets
remote ipfilter append input accept -p udp -sp 500 -dp 500 internet
remote ipfilter append input accept -p 50 internet
remote ipfilter append input accept -p 51 internet
remote ipfilter append output accept -p udp -sp 500 -dp 500 internet
remote ipfilter append output accept -p 50 internet
remote ipfilter append output accept -p 51 internet

# Drop all other traffic not listed above
remote ipfilter append input drop internet
remote ipfilter append output drop internet

# Watch the results
remote ipfilter watch on internet

save

0
Comment
Question by:hulanet
1 Comment
 
LVL 51

Accepted Solution

by:
ahoffmann earned 250 total points
ID: 11770344
sorry, never seen this language, but sounds liike the script misses to drop routed packets, please check your docs if 'transmit' and 'receive' are the chains for forwarded packeges first:

# No forwarded connections
remote ipfilter append receive  drop internet
remote ipfilter append transmit drop internet

> we getting a lot of addware, spyware and other junk, pop ups on server
this has nothinh to do with your firewall, you need to harden your applications on each client (mail, browser, etc.)
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

775 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question