hi guys passive firewall

hi guys passive firewall

[Remo Mattei]

HI guys just a quick check with any of you. 
I have an office with 64 ips which are all valid. I have some server 
that do not need any security enable. But I do have other that I will 
have to firewall down any suggestions? Will all rules come in into the 
input chains and then forward all other packages work.

THANKS, any suggestions are appreciated.

REMO

Re: hi guys passive firewall

[Antony Stone]

On Sunday 07 July 2002 4:20 am, Remo Mattei wrote:

> I have an office with 64 ips which are all valid. I have some server
> that do not need any security enable.

Oh yeah ?   What kind of servers are those, then ?   How come they're not 
vulnerable to anything and therefore don't need any security :-) ?

> But I do have other that I will
> have to firewall down any suggestions? Will all rules come in into the
> input chains and then forward all other packages work.

Depends whether you're talking about putting netfilter onto the server itself 
(in which case you filter the INPUT chain), or whether netfilter is on a 
router between the servers and the Internet (in which case you filter the 
FORWARD chain).

 

Antony.

Re: hi guys passive firewall

[Antony Stone]

On Sunday 07 July 2002 4:26 pm, Remo Mattei wrote:

> Antony Stone wrote:

> > Depends whether you're talking about putting netfilter onto the server
> > itself (in which case you filter the INPUT chain), or whether netfilter
> > is on a router between the servers and the Internet (in which case you
> > filter the FORWARD chain).
>
> So I guess since the anwser is above I just will use the forward and let
> everything pass in the input.

It sounds to me as though you are uncertain about how packets pass through a 
netfilter firewall.

Packets addressed to the firewall itself go through the INPUT chain.

Packets being routed from a machine on one side of the firewall to a machine 
on the other go through the FORWARD chain.

Packets originating on the firewall itself go through the OUTPUT chain.

No single packet will ever go through both the INPUT and the FORWARD chains, 
or the FORWARD and the OUTPUT chains.

 

Antony.

Re: hi guys passive firewall

[Remo Mattei]

[-- Attachment #1: Type: text/plain, Size: 1006 bytes --]



Antony Stone wrote:

>On Sunday 07 July 2002 4:20 am, Remo Mattei wrote:
>
>>I have an office with 64 ips which are all valid. I have some server
>>that do not need any security enable.
>>

>
>Oh yeah ?   What kind of servers are those, then ?   How come they're not 
>vulnerable to anything and therefore don't need any security :-) ?
>
I guess I should say that the server itself have a firewall not that do 
not need any security on them!!!

>
>>But I do have other that I will
>>have to firewall down any suggestions? Will all rules come in into the
>>input chains and then forward all other packages work.
>>
>
>Depends whether you're talking about putting netfilter onto the server itself 
>(in which case you filter the INPUT chain), or whether netfilter is on a 
>router between the servers and the Internet (in which case you filter the 
>FORWARD chain).
>
So I guess since the anwser is above I just will use the forward and let 
everything pass in the input.

Thanks anthony

> 
>
>Antony.
>


[-- Attachment #2: Type: text/html, Size: 1945 bytes --]