path: root/2005/iptables-firewall-heinlein2005/example1.txt
Diffstat (limited to '2005/iptables-firewall-heinlein2005/example1.txt')
-rw-r--r--2005/iptables-firewall-heinlein2005/example1.txt32
1 files changed, 32 insertions, 0 deletions
diff --git a/2005/iptables-firewall-heinlein2005/example1.txt b/2005/iptables-firewall-heinlein2005/example1.txt
new file mode 100644
index 0000000..33f70ce
--- /dev/null
+++ b/2005/iptables-firewall-heinlein2005/example1.txt
@@ -0,0 +1,32 @@
+Internal Network: 10.0.0.1/24 (eth1)
+DMZ: 10.23.23.1/24 (eth2)
+Server10: 10.23.23.10/24
+Server11: 10.23.23.11/24
+Public IP: 192.168.100.215/24 (eth0)
+
+Layout:
+ DMZ
+ I
+Internal Net --- Firewall --- Public Net
+
+
+Security policy:
+- Stateful Packet Filter for ~256k Connections
+- All packets that are not explicitly allowed, have to be dropped
+- All packets that are dropped have to be logged
+- No access from the public network to the Firewall itself
+- No handling of multicast and/or broadcast packets
+- Antispoofing rules for each interface
+- All traffic from Internal / DMZ to public must be NAT'ed
+- All machines in DMZ
+ - Allowed to initiate any kind of connection to Public network
+- Server10:
+ - Administrative access via SSH from Public and Internal Network
+ - HTTP access from Public and Internal Network
+ - DNS access from Public and Internal Network
+- Server11:
+ - Administrative access via SSH from Public (Port 2222) and Internal Network
+ - SMTP access from Public and Internal Network
+- All machines in Internal Network:
+ - Allowed to do FTP, SSH, POP3S, IMAP4S to Public Network
+ - HTTP via transparent proxy on Server11:3128
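Review bot: the reachability requirements for the DMZ hosts from the public side (the "Server10:" and "Server11:" blocks) are not satisfiable with the NAT requirement as written. The only public address is 192.168.100.215 on eth0 while Server10/Server11 sit in 10.23.23.0/24, so SSH, HTTP, DNS and SMTP "from Public" need DNAT (port forwarding) on eth0 in addition to the source NAT required by "All traffic from Internal / DMZ to public must be NAT'ed"; the policy should state which public ports map to which DMZ host (the SSH port 2222 on Server11 only makes sense as such a mapping, since both servers cannot share port 22 on one public IP). Two smaller points in the same hunk: "DNS access" should say whether udp/53, tcp/53 or both are meant, since a rule set built from this line will usually open only UDP and break TCP fallback and zone transfers; and "Allowed to do FTP ... to Public Network" implies loading the FTP connection-tracking helper (ip_conntrack_ftp) for the data channel under the stateful filter, which is worth recording next to the "~256k Connections" sizing requirement.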