[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Qube2 Firewall "feature"
- Subject: Re: [cobalt-security] Qube2 Firewall "feature"
- From: Mike Vanecek <nospam99@xxxxxxxxxxxx>
- Date: Mon, 20 Mar 2000 16:34:34 -0600
I have been trying to use the Cobalt Firewall wizard to generate my ip
filters. The ones it suggests do not make a whole lot of sense to me (may be
my newness at figuring out the Qube2 ip filter logic). I thought I read a
post from someone saying that the wizard and/or the Qube2 IP filtering method
had a flaw and that Cobalt was working on it. However, I have not been able
to find the message nor anything in the KB that helps.
Do you know if the wizard and/or the Qube2 ip filters have any bugs? If so,
what?
Basically, I want to set up filtering to accomplish what you have indicated
in your message. Any tips on setting up efficient filters?
Does the Qube2 log filters that are rejected? If so, where and how to I
review them? I'd like to know if an attempt was made to get through the
firewall.
Thanks.
On Sun, 19 Mar 2000 22:13:17 -0600, "Jeff Newman" <mjeffn@xxxxxxxx> wrote:
:>Malcolm:
:>
:>Outbound refers to what protocols you allow the users behind the firewall to
:>use. Generally with the Cube as your firewall, you will allow all outbound
:>connections and deny all inbound connections except to the services that you
:>want connected such as ports 21, 25, 80 and all ports in the range from 1025
:>to 65355. NEVER allow an outside connection to 139, in fact don't run SMB
:>if this is your firewall. That's just asking for trouble. With the cube,
:>you can even make things worse yet by using it to authenticate your trusted
:>network users under any circumstance! Don't forget to include as the last
:>line in the firewall a statement that denys all incoming to all destinations
:>on all protocols.