Solved

Firewall setup scritp on Efficien Networks Router model # 5851

Posted on 2004-08-10
1
230 Views
Last Modified: 2013-11-16
Hi, we have SDSL running on our company network, we are running IIS (web server) POP3 and SMTP (email server) DNS and few other standard web hosting futures. The original setting in this router have only 4 setting, either firewall is OFF or any other setting wont allowed to pass traffic trough for our server. I never had chance to set up this router and firewall so if any one could help us to write script so it would allow for our servers to work on this network and blow rest or the junk ( we getting a lot of addware, spyware and other junk, pop ups on server) we would really appreciated. I am posting script what this router has for maximum security, you can edit and email it back to me (yuriy@hulanetworks.com ) or post here so I could copy.

Here is the script:
# Maxsec Firewall script - 6/7/01
# For DSL router
# Allow protocols: HTTP, HTTPS, SMTP, POP3, SNTP, Telnet,
#                  DNS, FTP (passive), L2TP, IPSec, IKE

# Flush all existing filters
remote ipfilter flush input internet
remote ipfilter flush output internet
remote ipfilter flush transmit internet
remote ipfilter flush receive internet
eth ip filter flush input 0
eth ip filter flush output 0
eth ip filter flush transmit 0
eth ip filter flush receive 0

# No incoming connections
remote ipfilter append input drop -p tcp -tcp syn internet

# HTTP
remote ipfilter append input accept -p tcp -sp 80 internet
remote ipfilter append output accept -p tcp -dp 80 internet

# HTTPS (SSL)
remote ipfilter append input accept -p tcp -sp 443 internet
remote ipfilter append output accept -p tcp -dp 443 internet

# SMTP
remote ipfilter append input accept -p tcp -sp 25 internet
remote ipfilter append output accept -p tcp -dp 25 internet

# POP3
remote ipfilter append input accept -p tcp -sp 110 internet
remote ipfilter append output accept -p tcp -dp 110 internet

# SNTP
# - allow requests and responses to the router only
#
remote ipfilter append receive accept -p udp -dp 8123 -sp 123 internet
remote ipfilter append transmit accept -p udp -dp 123 -sp 8123 internet
remote ipfilter append input accept -p udp -sp 123 internet
remote ipfilter append output accept -p udp -dp 123 internet
eth ip filter append output drop -p udp -sp 123 0
eth ip filter append output drop -p udp -dp 123 0

# Telnet
remote ipfilter append input accept -p tcp -sp 23 internet
remote ipfilter append output accept -p tcp -dp 23 internet

# DNS
remote ipfilter append input accept -p udp -sp 53 internet
remote ipfilter append output accept -p udp -dp 53 internet

# FTP
remote ipfilter append input accept -p tcp -sp 20:21 internet
remote ipfilter append output accept -p tcp -dp 20:21 internet

# L2TP
# - allow requests and responses to the router only
#
remote ipfilter append input accept -p udp -sp 1701 internet
remote ipfilter append output accept -p udp -dp 1701 internet
eth ip filter append output drop -p udp -sp 1701 0
eth ip filter append output drop -p udp -dp 1701 0

# Allow IPSec, IKE packets
remote ipfilter append input accept -p udp -sp 500 -dp 500 internet
remote ipfilter append input accept -p 50 internet
remote ipfilter append input accept -p 51 internet
remote ipfilter append output accept -p udp -sp 500 -dp 500 internet
remote ipfilter append output accept -p 50 internet
remote ipfilter append output accept -p 51 internet

# Drop all other traffic not listed above
remote ipfilter append input drop internet
remote ipfilter append output drop internet

# Watch the results
remote ipfilter watch on internet

save

0
Comment
Question by:hulanet
1 Comment
 
LVL 51

Accepted Solution

by:
ahoffmann earned 250 total points
Comment Utility
sorry, never seen this language, but sounds liike the script misses to drop routed packets, please check your docs if 'transmit' and 'receive' are the chains for forwarded packeges first:

# No forwarded connections
remote ipfilter append receive  drop internet
remote ipfilter append transmit drop internet

> we getting a lot of addware, spyware and other junk, pop ups on server
this has nothinh to do with your firewall, you need to harden your applications on each client (mail, browser, etc.)
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
GPR - Cannot telnet 15 83
WYSIWYG editor triggering application firewall errors 6 59
Open BDS Pf 3 44
iptables ubuntu BLOCK all 2 75
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now