Topic: Basic Network Security with m0n0wall in the SMB
Basic Network Security with m0n0wall in the SMB
« on: September 11, 2011, 02:08:00 »
NCSIdaho
Posts: 15
Here are some of the basic firewall rules I use when deploying a m0n0wall in a small business (5 to 50 users).
Basic LAN security: these rules stop spam bots and DNS HiJack. These must be applied to the Wireless interface as well.
Please see the attached PDF. Any suggestions and additions are welcome. I hope this answers questions for others.
-Phil Vogler
Basic Network Security with m0n0wall in the SMB.pdf
(195.74 KB - downloaded 219 times.)
« Last Edit: September 11, 2011, 02:11:09 by NCSIdaho »
Re: Basic Network Security with m0n0wall in the SMB
« Reply #1 on: September 28, 2011, 19:43:49 »
NCSIdaho
Posts: 15
Addendum for wireless interface -
Update/workaround
On the wireless interface only (tested only with Atheros-based cards): this allows DNS lookup to the m0n0wall or internal DNS server while blocking alternate DNS lookups. Why this must be applied on wireless and not on the LAN interface baffles me, but I am guessing it is a driver issue.
Action    Proto  Source          Port  Destination   Port       Description
(Reject)  TCP    ! 192.168.10.2  *     *             25 (SMTP)  SMTP Block
(Pass)    UDP    *               *     192.168.10.2  53 (DNS)   <- must be added
(Reject)  UDP    ! 192.168.10.2  *     *             53 (DNS)   DNS HiJack Block
(Pass)    *      LAN net         *     *             *          Default Wireless -> any
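
An added example, not part of the original posts: a small Python model of the four wireless-interface rules above, showing why the Pass rule for UDP 53 to 192.168.10.2 has to sit above the DNS HiJack Block. It assumes m0n0wall's top-down, first-match rule evaluation with a default block, that "LAN net" is 192.168.10.0/24, and constructed client and external addresses.

```python
import ipaddress

LAN_NET = ipaddress.ip_network("192.168.10.0/24")  # assumed value of "LAN net"
DNS_HOST = "192.168.10.2"                          # address from the post

# (action, proto, source, destination, destination port); "*" means any,
# a leading "!" negates the source match. Order matters: first match wins.
RULES = [
    ("reject", "tcp", "!" + DNS_HOST, "*",      25),   # SMTP Block
    ("pass",   "udp", "*",            DNS_HOST, 53),   # <- must be added
    ("reject", "udp", "!" + DNS_HOST, "*",      53),   # DNS HiJack Block
    ("pass",   "*",   "LAN net",      "*",      "*"),  # Default Wireless -> any
]

def addr_matches(spec, addr):
    if spec == "*":
        return True
    if spec.startswith("!"):
        return not addr_matches(spec[1:], addr)
    if spec == "LAN net":
        return ipaddress.ip_address(addr) in LAN_NET
    return ipaddress.ip_address(addr) == ipaddress.ip_address(spec)

def evaluate(rules, proto, src, dst, dport):
    """Return (action, rule_index) of the first matching rule, else default block."""
    for i, (action, r_proto, r_src, r_dst, r_port) in enumerate(rules):
        if r_proto not in ("*", proto):
            continue
        if not addr_matches(r_src, src) or not addr_matches(r_dst, dst):
            continue
        if r_port not in ("*", dport):
            continue
        return action, i
    return "block", None

CLIENT = "192.168.10.50"  # constructed client address
SAMPLES = [               # constructed traffic; 203.0.113.0/24 is a documentation range
    ("udp", CLIENT,   DNS_HOST,       53),   # lookup via the approved resolver
    ("udp", CLIENT,   "203.0.113.53", 53),   # lookup via an alternate resolver
    ("tcp", CLIENT,   "203.0.113.25", 25),   # direct SMTP from a workstation
    ("tcp", DNS_HOST, "203.0.113.25", 25),   # SMTP from the exempted host
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(RULES, *pkt))
    without_pass = RULES[:1] + RULES[2:]
    print("without the added Pass rule:", evaluate(without_pass, *SAMPLES[0]))
```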