  Ed
@xs4all.nl
Configuring firewall Efficient Network 5835 DMT Router
Hi,
We are using a Siemens Efficient Network 5835 DMT Router.
I want to configure the firewall to block incoming DNS traffic; all other traffic may go through because there is a Sonicwall firewall behind this router.
If there is another way to stop DNS relay on this router, that solution is welcome.
Traffic that needs to pass through is: SMTP HTTP HTTPS RDP PPTP NTP TCP port 587
Will this script work?
# Firewall script - 2/28/2003
# For DSL router

#flush all existing filters
remote ipfilter flush input internet
remote ipfilter flush output internet
remote ipfilter flush transmit internet
remote ipfilter flush receive internet
eth ip filter flush input
eth ip filter flush output
eth ip filter flush transmit
eth ip filter flush receive

Firewall allow a http d both
Firewall allow a dns d out
Firewall allow a https d both
Firewall allow a smtp d both
Firewall allow a pptp d both
Firewall allow a tcp d both
Firewall allow a rdp d both
Firewall allow a ntp d both
Firewall allow p tcp dp 587 d out
Firewall allow p tcp dp 587 d in
Firewall allow p tcp sp 587 d out
Firewall allow p tcp sp 587 d in

#allow all icmp to and from the router
remote ipfilter insert input accept -p icmp internet
remote ipfilter insert output accept -p icmp internet

#drop all packets not allowed above
remote ipfilter append input drop internet
remote ipfilter append output drop internet

system deltelnetfilter LAN ??what is this command for??
system delhttpfilter LAN ??what is this command for??
system delsnmpfilter LAN ??what is this command for??
system delsyslogfilter LAN ??what is this command for??
system securemode set wan trusted ??what is this command for??
env set security min ??what is this command for??

Save
adsldude always learning Premium,Ex-Mod 2003-9 join:2000-11-10 Colorado
If DNS is all you want to impact then focus on just that.

firewall on
firewall deny -p udp -dp 53 -q -d both
save
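To confirm the router has stopped relaying DNS on its WAN side after a change like the one above, the following check (an added example, not part of the thread and not vendor code) sends a real DNS query over UDP and tries a TCP connection to port 53, since DNS is served on both. The function names and the WAN address passed on the command line are assumptions; run it from a host outside the router against your own public address.

```python
import socket
import struct
import sys

def build_query(name="example.com", qid=0x1234):
    """Build a minimal DNS A-record query (RFC 1035), recursion desired."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def probe_udp(host, port=53, timeout=2.0, qid=0x1234):
    """Return 'answers' if a DNS response to our query arrives, else 'no-reply'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            s.send(build_query(qid=qid))
            data = s.recv(512)
        except OSError:  # timeout (dropped) or ICMP port unreachable (rejected)
            return "no-reply"
    # A genuine response echoes our query ID and has the QR bit set.
    if len(data) >= 4 and struct.unpack(">H", data[:2])[0] == qid and data[2] & 0x80:
        return "answers"
    return "no-reply"

def probe_tcp(host, port=53, timeout=2.0):
    """Return 'open' if a TCP handshake on the DNS port completes."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except OSError:
            return "closed-or-filtered"

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: dnscheck.py <router-wan-address>")
    wan = sys.argv[1]  # assumption: your own router's public address
    print("udp/53:", probe_udp(wan))
    print("tcp/53:", probe_tcp(wan))
```

A result of "answers" on UDP or "open" on TCP means the router still accepts DNS from the Internet side.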