Re: 327w firewall "state" rule times out in 10sec?!?

Author	All Replies
impala join:2008-03-08 Clemson, SC ·AT&T Southeast	reply to impala Re: 327w firewall "state" rule times out in 10sec?!? for reference, here are my inbound firewall rules: credit BellSouth 327W and N O Y B in the Westell FAQ for ideas. title [ Security Level Custom (Medium) IN rules ] begin RulesInDropDHCPAddress drop from addr 0.0.0.0 >> done, alert 4 [0.0.0.0 Source IP Address] RulesInPassIcmpRequest pass icmp-type request, to addr %WANADDR%:32 >> done, alert 0 [pinged] RulesInDropTTL drop match 3 8 { 01:FE } >> done, alert 3 [TTL of 0 or 1] # Pass and Log Specific ICMP RulesInPassICMP pass icmp-type reply >> done, alert 0 [Ping Reply] # Type: 0 pass icmp-type exceeded >> done, alert 0 [traceroute reply] # Type: 11 pass icmp-type unreachable >> done, alert 0 [Dst Unreachable] # Type: 3 RulesInDropFrom192 drop from addr %LANADDR%:%LANMASK% >> done, alert 4 [WAN Traffic from LAN IP] # Drop All Unsolicited Inbound RulesInDropAll drop all >> done, alert 1 [Drop All Unsolicited Inbound] end reject DHCP requests from WAN; responds to pings and traceroutes; rejects packets whose TTL will expire; accept responses to pings and traceroutes; reject private packets from wan reject everything else With these rules I depend on the stateful firewall and NAT for inbound connections, as well as whatever is hard-coded in the 327W.
impala join:2008-03-08 Clemson, SC ·AT&T Southeast	to forum · permalink · · 2008-04-06 14:18:35 ·


Saturday, 05-Dec 19:45:05	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF