impala join:2008-03-08 Clemson, SC
Re: 327w firewall "state" rule times out in 10sec?!?

For reference, here are my inbound firewall rules; credit to BellSouth 327W and N O Y B in the Westell FAQ for ideas.
title [ Security Level Custom (Medium) IN rules ]
begin
RulesInDropDHCPAddress
drop from addr 0.0.0.0 >> done, alert 4 [0.0.0.0 Source IP Address]
RulesInPassIcmpRequest
pass icmp-type request, to addr %WANADDR%:32 >> done, alert 0 [pinged]
RulesInDropTTL
drop match 3 8 { 01:FE } >> done, alert 3 [TTL of 0 or 1]
# Pass and Log Specific ICMP
RulesInPassICMP
pass icmp-type reply >> done, alert 0 [Ping Reply] # Type: 0
pass icmp-type exceeded >> done, alert 0 [traceroute reply] # Type: 11
pass icmp-type unreachable >> done, alert 0 [Dst Unreachable] # Type: 3
RulesInDropFrom192
drop from addr %LANADDR%:%LANMASK% >> done, alert 4 [WAN Traffic from LAN IP]
# Drop All Unsolicited Inbound
RulesInDropAll
drop all >> done, alert 1 [Drop All Unsolicited Inbound]
end
Rejects DHCP requests from the WAN; responds to pings and traceroutes; rejects packets whose TTL will expire; accepts responses to pings and traceroutes; rejects private packets from the WAN; rejects everything else.
With these rules I depend on the stateful firewall and NAT for inbound connections, as well as whatever is hard-coded in the 327W.
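The rule list above, walked in the post's order over constructed packets, as an added Python model that is not from the post or from the 327W firmware; the reading of `match 3 8 { 01:FE }` as IPv4 header byte 8 (the TTL) under mask 0xFE, the placement of the state-table lookup just before the final drop, and all addresses are assumptions.

```python
import ipaddress

# Constructed addresses standing in for the 327W's %WANADDR% and %LANADDR%:%LANMASK%
WANADDR = ipaddress.ip_address("203.0.113.5")
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
ICMP_ECHO_REQ = 8
ICMP_PASS_LABELS = {0: "Ping Reply", 11: "traceroute reply", 3: "Dst Unreachable"}

def evaluate(pkt, state):
    """Walk the inbound rules in the post's order for one packet dict (keys: src, dst,
    proto, ttl, plus icmp_type or sport). state is a set of (proto, remote_ip, remote_port)
    for sessions the LAN opened; assumption: it is consulted just before the final drop."""
    src = ipaddress.ip_address(pkt["src"])
    # RulesInDropDHCPAddress: nothing legitimate arrives from 0.0.0.0 on the WAN side
    if src == ipaddress.ip_address("0.0.0.0"):
        return "drop", "0.0.0.0 Source IP Address"
    # RulesInPassIcmpRequest: echo requests addressed to the WAN IP are answered
    if pkt["proto"] == "icmp" and pkt["icmp_type"] == ICMP_ECHO_REQ \
            and ipaddress.ip_address(pkt["dst"]) == WANADDR:
        return "pass", "pinged"
    # RulesInDropTTL: 'match 3 8 { 01:FE }' read as IPv4 header byte 8 (TTL) masked
    # with 0xFE; only TTL 0 and 1 leave zero, i.e. the packet could not be forwarded
    if pkt["ttl"] & 0xFE == 0:
        return "drop", "TTL of 0 or 1"
    # RulesInPassICMP: replies and errors that our own pings and traceroutes provoke
    if pkt["proto"] == "icmp" and pkt["icmp_type"] in ICMP_PASS_LABELS:
        return "pass", ICMP_PASS_LABELS[pkt["icmp_type"]]
    # RulesInDropFrom192: a LAN source address has no business arriving from the WAN
    if src in LAN_NET:
        return "drop", "WAN Traffic from LAN IP"
    # Stateful/NAT match: replies to sessions the LAN initiated
    if (pkt["proto"], pkt["src"], pkt.get("sport")) in state:
        return "pass", "established"
    # RulesInDropAll: everything else is unsolicited
    return "drop", "Drop All Unsolicited Inbound"

def run_samples():
    """Constructed packets exercising each rule; returns [(name, action, alert), ...]."""
    state = {("tcp", "198.51.100.9", 443)}           # LAN host opened HTTPS to 198.51.100.9
    wan = "203.0.113.5"
    samples = [
        ("dhcp", {"src": "0.0.0.0", "dst": "255.255.255.255", "proto": "udp", "ttl": 64, "sport": 68}),
        ("ping-ttl1", {"src": "198.51.100.9", "dst": wan, "proto": "icmp", "ttl": 1, "icmp_type": 8}),
        ("ttl1-tcp", {"src": "198.51.100.9", "dst": wan, "proto": "tcp", "ttl": 1, "sport": 80}),
        ("traceroute", {"src": "198.51.100.9", "dst": wan, "proto": "icmp", "ttl": 60, "icmp_type": 11}),
        ("spoofed-lan", {"src": "192.168.1.20", "dst": wan, "proto": "tcp", "ttl": 64, "sport": 80}),
        ("https-reply", {"src": "198.51.100.9", "dst": wan, "proto": "tcp", "ttl": 55, "sport": 443}),
        ("unsolicited", {"src": "198.51.100.9", "dst": wan, "proto": "udp", "ttl": 55, "sport": 53}),
    ]
    return [(name, *evaluate(p, state)) for name, p in samples]
```

Note that the echo-request pass sits ahead of the TTL rule, so a ping arriving with TTL 1 is still answered, while any other TTL-1 packet is dropped before the state table is ever consulted.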