Hi

I have installed and configured Bastille as my firewall. All is well.

I would like to know what ports to block? How can I find out what ports are being used/abused?

My users are abusing internet usage by audio streaming, downloading large files off the net. This causes valid internet users to experience page timeouts, delays etc. I would like to restrict this to after 14h00 every day. (Would I have to install Squid for this?)

The network environment is all XP/98 machines.

My Linux box serves POP3 and HTTPD pages and is the gateway to the internet for my internal network. It is multi-homed and uses NAT.

As I mentioned, Bastille is running; following is an excerpt from my bastille-firewall.cfg file...
# TCP services on high ports that should be blocked if not forcing passive FTP
# This should include X (6000:6010) and anything else revealed by 'netstat -an'
# (this does not matter unless you're not forcing "passive" FTP)
#TCP_BLOCKED_SERVICES="6000:6020"
#
# UDP services to block: this should be UDP services on high ports.
# Your only vulnerability from public interfaces are the DNS and
# NTP servers/networks (those with 0.0.0.0 for DNS servers should
# obviously be very careful here!)
#UDP_BLOCKED_SERVICES="2049"
#
# types of ICMP packets to allow
#ICMP_ALLOWED_TYPES="destination-unreachable" # MINIMAL/SAFEST
# the following allows you to ping/traceroute outbound
#ICMP_ALLOWED_TYPES="destination-unreachable echo-reply time-exceeded"
#
# Please make sure variable assignments are on single lines; do NOT
# use the "\" continuation character (so Bastille can change the
# values if it is run more than once)
TCP_BLOCKED_SERVICES="2049 2065:2090 6000:6020 7100"
UDP_BLOCKED_SERVICES="2049 6770"
ICMP_ALLOWED_TYPES="destination-unreachable echo-reply time-exceeded"
......
Gavin Mellors
-- 
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
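As an added example (not from the original post or from Bastille itself), the script below does what the config comment suggests: it parses the TCP_BLOCKED_SERVICES and UDP_BLOCKED_SERVICES lists from a bastille-firewall.cfg excerpt, parses listening sockets from `netstat -an` output, and reports high ports that are open but not covered by the block lists. The config text, the netstat lines and the 1024 high-port threshold are constructed assumptions for the demonstration.

```python
"""Cross-check Bastille blocked-port lists against ports seen in netstat -an."""
import re

# Constructed excerpt in the format of bastille-firewall.cfg
CONFIG = '''
# Please make sure variable assignments are on single lines
TCP_BLOCKED_SERVICES="2049 2065:2090 6000:6020 7100"
UDP_BLOCKED_SERVICES="2049 6770"
'''

# Constructed `netstat -an` style lines (Linux column layout)
NETSTAT = '''
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2049            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.1:80             10.0.0.5:1234           ESTABLISHED
udp        0      0 0.0.0.0:6770            0.0.0.0:*
udp        0      0 0.0.0.0:32768           0.0.0.0:*
'''

def parse_blocked(cfg, var):
    """Return [(lo, hi), ...] port ranges from a VAR="a b:c ..." line."""
    m = re.search(r'^%s="([^"]*)"' % var, cfg, re.M)
    ranges = []
    for tok in (m.group(1).split() if m else []):
        lo, _, hi = tok.partition(':')      # "6000:6020" -> 6000..6020, "7100" -> 7100..7100
        ranges.append((int(lo), int(hi or lo)))
    return ranges

def is_blocked(port, ranges):
    return any(lo <= port <= hi for lo, hi in ranges)

def listening_ports(netstat):
    """Local ports that are LISTEN (tcp) or bound (udp), keyed by protocol."""
    found = {'tcp': set(), 'udp': set()}
    for line in netstat.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in found:
            continue                        # header, blank, or unhandled protocol
        state = parts[5] if len(parts) > 5 else ''
        if parts[0] == 'tcp' and state != 'LISTEN':
            continue                        # established flows are not services
        found[parts[0]].add(int(parts[3].rsplit(':', 1)[1]))
    return found

def unblocked_high_ports(cfg, netstat, threshold=1024):
    """High listening ports not covered by the corresponding blocked list."""
    ports, result = listening_ports(netstat), {}
    for proto, var in (('tcp', 'TCP_BLOCKED_SERVICES'), ('udp', 'UDP_BLOCKED_SERVICES')):
        ranges = parse_blocked(cfg, var)
        result[proto] = sorted(p for p in ports[proto]
                               if p > threshold and not is_blocked(p, ranges))
    return result
```

On a real host, feed the output of `netstat -an` and the actual bastille-firewall.cfg to `unblocked_high_ports` to see which high ports still need a decision.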