Inbound Access List Help
Posted on 2007-03-22
My ISP gives me the ability to use a managed firewall on their router. I can use a web interface provided to manipulate it. However, my attempts to utilize it have ended up with some bad results. My end goal is to lock down all incoming traffic except for the few things I am using.
The basic look of the firewall interface I have access to is:
//These are the main headings.
ACTION PROTOCOL APPLICATION PORTS IP ADDRESSES
//These are the options for each heading
ACTION: (permit | deny)
PROTOCOL: (TCP | UDP | IP)
//The application, ports, and addresses or split into two parts: Source and destination
//For each part they have the following options
APPLICATION: (ANY | DNS | HTTP | etc...)
PORTS: Two Textboxes for range
( ANY | HOST | NETWORK) //depending on what you select here, you input more shown below
One Textbox for what I assume is an IP address if you specify "host" above
Drop Down list (ex: /24) I believe this is for subnet if you specify "network" above
My needs are as follows:
VPN Server (IPsec)
Everything Else Blocked
The public IP Addresses of the Web and VPN servers are for example: 18.104.22.168 (mask 255.255.255.248)
The rest of the network are privately addressed for example: 10.0.1.3 (mask 255.255.255.0)
We use the VPN to connect to the network and then use remote desktop to connect directly to any given computer.
Any guidance would be helpful. I am also aware that the order of entry is kind of important.
There is also the following note on the interface. I'm not sure if it matters.
PLEASE NOTE: In order to prevent inadvertent restrictions to network access, each Access Control List ends with a statement which permits all traffic which does not have a specific rule associated with it. Please refer to the help documentation for information on how to override this rule.