Topic: Basic Network Security with m0n0wall in the SMB  (Read 2448 times)
« on: September 11, 2011, 02:08:00 »
NCSIdaho *
Posts: 15

Here are some of the basic firewall rules I use when deploying a m0n0wall in a small business (5 to 50 users).

Basic LAN security: these rules stop spam bots and DNS hijack. These must be applied to the Wireless interface as well.
Please see the attached PDF. Any suggestions and additions are welcome. I hope this answers questions for others.

-Phil Vogler

* Basic Network Security with m0n0wall in the SMB.pdf (195.74 KB - downloaded 219 times.)
« Last Edit: September 11, 2011, 02:11:09 by NCSIdaho »
« Reply #1 on: September 28, 2011, 19:43:49 »
NCSIdaho *
Posts: 15

Addendum for wireless interface -

Update/workaround

On the wireless interface only (tested only with Atheros-based cards): this allows DNS lookup to the m0n0wall or internal DNS server while blocking alternate DNS lookups. Why this must be applied on wireless and not on the LAN interface baffles me, but I am guessing it is a driver issue.

Action    Proto  Source          Port  Destination    Port       Description
(Reject)  TCP    ! 192.168.10.2  *     *              25 (SMTP)  SMTP Block
(Pass)    UDP    *               *     192.168.10.2   53 (DNS)   <- must be added
(Reject)  UDP    ! 192.168.10.2  *     *              53 (DNS)   DNS HiJack Block
(Pass)    *      LAN net         *     *              *          Default Wireless -> any
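
Added example (not part of the original post, and not m0n0wall code): a small first-match evaluator for the four wireless-interface rules above, run over constructed packets, showing what each rule catches and what happens if the added pass rule is left out. The /24 LAN network, the client and external addresses, and the `evaluate` helper are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

SERVER = "192.168.10.2"                   # address used in the post's rules
LAN_NET = ip_network("192.168.10.0/24")   # assumption: the post only says "LAN net"

# (action, proto, source, destination, dest port, description)
# "*" means any, a leading "!" means "not", as in the rule table above.
RULES = [
    ("reject", "tcp", "!" + SERVER, "*", 25, "SMTP Block"),
    ("pass", "udp", "*", SERVER, 53, "DNS to server (must be added)"),
    ("reject", "udp", "!" + SERVER, "*", 53, "DNS HiJack Block"),
    ("pass", "*", "LAN net", "*", "*", "Default Wireless -> any"),
]

def addr_matches(spec, addr):
    """Match one address against a rule field ("*", "LAN net", "!ip" or "ip")."""
    if spec == "*":
        return True
    if spec == "LAN net":
        return ip_address(addr) in LAN_NET
    if spec.startswith("!"):
        return ip_address(addr) != ip_address(spec[1:])
    return ip_address(addr) == ip_address(spec)

def evaluate(proto, src, dst, dport, rules=RULES):
    """Return (action, description) of the first matching rule, top to bottom."""
    for action, r_proto, r_src, r_dst, r_port, desc in rules:
        if (r_proto in ("*", proto) and r_port in ("*", dport)
                and addr_matches(r_src, src) and addr_matches(r_dst, dst)):
            return action, desc
    return "block", "no rule matched (default deny)"

if __name__ == "__main__":
    client = "192.168.10.50"              # constructed client address
    samples = [                           # constructed packets
        ("udp", client, SERVER, 53),          # lookup via the internal resolver
        ("udp", client, "8.8.8.8", 53),       # alternate resolver
        ("tcp", client, "203.0.113.25", 25),  # SMTP from a workstation
        ("tcp", SERVER, "203.0.113.25", 25),  # SMTP from 192.168.10.2
        ("tcp", client, "8.8.8.8", 53),       # TCP DNS: UDP rules do not apply
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(*pkt))
    # Without the added pass rule, the hijack block also rejects lookups
    # addressed to 192.168.10.2, because only the source is excluded there.
    no_pass = RULES[:1] + RULES[2:]
    print("without pass rule:", evaluate("udp", client, SERVER, 53, no_pass))
```

The last sample shows that the rule set as written only covers UDP port 53; a reviewer adapting these rules may want a matching TCP rule.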
 