Blueshoes

join:2010-10-02
Minneapolis, MN

I need an "outline" on making firewall rules please

Can someone make a very clear and idiot-proof guide to making a firewall rule? I have done it, but forget when I need to add another and feel very "iffy" when I try to tackle it again.

I want to set up a friend with a USG 20, and his kids use Xbox Live, and I want to pass it through to the spread of known Xbox ports and IP addresses.

My network I lock down and close all ports outgoing except 53, 80, 443, etc. (the common), thus needing firewall rules to pass.

I know the Zyxel is object based and that seems to screw me up a bit compared to my old 2 Plus that seemed so easy. What object do I start out with first and second, etc.? Is there a page of this that someone posted before?

If a couple of different people want to try to tackle it in different ways or the way they do it, great!

Thanks for the help.


Anav
Sarcastic Llama? Naw, Just Acerbic
Premium
join:2001-07-16
Dartmouth, NS
kudos:5

Re: I need an "outline" on making firewall rules pleas

Well, it's hard to quite understand what you're saying, but basically, in the ZyWALL USG 20 there are some basic considerations/steps.

a. for each IP address (PC) you need to define a host object
b. for each function or port used you need to create a service port.
c. you then need to create a NAT virtual server rule (port forwarding), and
d. you need to make a corresponding firewall rule.

Both C and D use the services you define in A and B.
--
Ain't nuthin but the blues! "Albert Collins".
Leave your troubles at the door! "Pepe Peregil" De Sevilla. Just Don't Wifi without WPA, "Yul Brenner"

LlamaWorks Equipment


Brano
I hate Vogons
Premium,MVM
join:2002-06-25
Burlington, ON
kudos:11
reply to Blueshoes
Some ideas here »Secure your USG - quick how-to
But basically, all FW rules are evaluated from top to bottom.
- create objects for all IPs / ranges you need to manage
- create objects for all services (ports) you need to manage
- create appropriate ALLOW firewall rules, order matters
- ensure last default rule is set to DENY

Read the manual »ftp://ftp.zyxel.com/ZyWALL_USG_20/user···_Ed1.pdf
Put the latest FW on the box »ftp://ftp.zyxel.com/ZyWALL_USG_20/firm···4)C0.zip
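
The object-based, top-to-bottom evaluation described in the replies above can be modelled in a few lines. This Python sketch is an added example, not part of any post and not ZyWALL configuration syntax; the object names, addresses and port numbers are constructed sample values, and it covers outbound LAN traffic only. It also flags rules that an earlier rule hides, which is the usual way a misplaced deny breaks a later allow.

```python
import ipaddress
from dataclasses import dataclass
# Constructed sample objects: every name, address and port here is an assumption.
ADDRESS_OBJECTS = {
    "XBOX_HOST": ipaddress.ip_network("192.168.1.50/32"),
    "LAN_SUBNET": ipaddress.ip_network("192.168.1.0/24"),
    "ANY": ipaddress.ip_network("0.0.0.0/0"),
}
SERVICE_OBJECTS = {
    "DNS": {("udp", 53), ("tcp", 53)},
    "WEB": {("tcp", 80), ("tcp", 443)},
    "XBOX_LIVE": {("udp", 88), ("udp", 3074), ("tcp", 3074)},  # sample ports only
}

@dataclass(frozen=True)
class Rule:
    name: str
    source: str   # key in ADDRESS_OBJECTS
    service: str  # key in SERVICE_OBJECTS, or "ANY"
    action: str   # "ALLOW" or "DENY"

def evaluate(rules, src_ip, proto, port):
    """Walk the rules top to bottom; the first match decides."""
    for r in rules:
        in_src = ipaddress.ip_address(src_ip) in ADDRESS_OBJECTS[r.source]
        in_svc = r.service == "ANY" or (proto, port) in SERVICE_OBJECTS[r.service]
        if in_src and in_svc:
            return r.action, r.name
    return "DENY", "implicit-default"  # nothing matched: fail closed

def shadowed(rules):
    """Names of rules that can never match because an earlier rule covers them."""
    hidden = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            src = ADDRESS_OBJECTS[later.source].subnet_of(ADDRESS_OBJECTS[earlier.source])
            svc = earlier.service == "ANY" or (later.service != "ANY" and
                  SERVICE_OBJECTS[later.service] <= SERVICE_OBJECTS[earlier.service])
            if src and svc:
                hidden.append(later.name)
                break
    return hidden

GOOD_ORDER = [
    Rule("lan-dns", "LAN_SUBNET", "DNS", "ALLOW"),
    Rule("lan-web", "LAN_SUBNET", "WEB", "ALLOW"),
    Rule("xbox-live", "XBOX_HOST", "XBOX_LIVE", "ALLOW"),
    Rule("default-deny", "ANY", "ANY", "DENY"),
]
BAD_ORDER = [GOOD_ORDER[0], GOOD_ORDER[1], GOOD_ORDER[3], GOOD_ORDER[2]]  # deny moved up
```

With `GOOD_ORDER` the console's UDP 3074 traffic is allowed while the same port from any other LAN host falls through to the deny; with `BAD_ORDER` the Xbox rule is reported as shadowed and never fires.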