Diffstat (limited to '2005/iptables-firewall-heinlein2005/example2.txt')
-rw-r--r-- | 2005/iptables-firewall-heinlein2005/example2.txt | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/2005/iptables-firewall-heinlein2005/example2.txt b/2005/iptables-firewall-heinlein2005/example2.txt new file mode 100644 index 0000000..3760b5d --- /dev/null +++ b/2005/iptables-firewall-heinlein2005/example2.txt @@ -0,0 +1,26 @@ +Internal Network: 10.0.x.1/24 +Host10: 10.0.x.10/24 +Host11: 10.0.x.11/24 +Public IP: 10.0.0.z/24 + +Layout: + +Internal Net --- Firewall --- Public Net + +Security policy: +- Stateful Packet Filter for ~64k Connections +- All packets that are not explicitly allowed, have to be dropped +- All packets that are dropped have to be logged +- SSH access from public segment (192.168.100.y/24) to the Firewall itself +- No handling of multicast and/or broadcast packets +- Antispoofing rules for each interface +- All traffic from/to Internal must not be NAT'ed (i.e. public addresses) +- Correct handling of all ICMP Errors +- ICMP echo request / reply allowed stateful +- Host10: + - Administrative access via SSH from any Public Address + - HTTP access from Public Network +- Host11: + - No access from Public Network +- All machines in Internal Network: + - Allowed to initiate any kind of connections to Public Network |
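Review bot: The public-side addressing in this policy is inconsistent. The header gives `Public IP: 10.0.0.z/24`, but the SSH rule refers to the public segment as `192.168.100.y/24`, so a reader building the antispoofing and SSH rules cannot tell which range is the public segment; pick one and use it in both places (or state that the firewall's public interface is 10.0.0.z and the public segment is 192.168.100.0/24 if that is the intent). Two smaller points: `Internal Network: 10.0.x.1/24` names a host address, not a network, and should read `10.0.x.0/24` (with `10.0.x.1` listed separately as the firewall's internal interface if that is what it is), and the placeholders `x`, `y` and `z` are never explained, so a one-line note saying they are per-participant values would help. Finally, "No handling of multicast and/or broadcast packets" together with "All packets that are dropped have to be logged" implies every broadcast will be logged; if the intent is to drop them silently, say so explicitly, since that changes the order of the logging rule relative to the drop.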