Firewall

From DD-WRT Wiki

Revision as of 09:21, 10 June 2005
222.124.96.59

Revision as of 09:22, 10 June 2005
222.124.96.59

Revision as of 09:22, 10 June 2005

Help prevent viruses/worms/P2P congesting the internet...?? It happened to my network. An infected PC caused the whole network to become inaccessible.

http://wl500g.info/showthread.php?t=2515

http://forum.bsr-clan.de/ftopic1305.html


firewall help??

This worm stuff is really slowing down a lot of my network traffic. After fixing one PC, along comes another one... It's an endless job when the users don't know how to block those worms using a firewall...

So, I plan to do it on the router side, which is on the Linksys and WL500g.

But I'm no Linux expert either...

So, anyone please help.. How do I set up rules like these:

1. Block all local connections (i.e., from IP 192.168.1.100 to 192.168.1.200, etc.) because it's used only for internet.

2. The only local connection allowed is, of course, between routers (Linksys, WL500g, etc.).

3a. Allow only certain ports to the internet (like web, proxy, mail: 80, 3128, 8080, 110, 25, etc.) and block all the rest, OR

3b. Block all ports that are known to be used by worms/viruses/etc. and allow all the rest.

4. Limit the max connections allowed per IP address?

5. Attack detection: if too many connections come from an IP, that IP is blocked for a few seconds. If the connections are on certain ports, that port is blocked for a few minutes.

6. Send an alert about those attacks, either to an email address and/or using Windows' net send protocol to the 'infected' IP and the admin's IP.
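
One way to express items 3a, 4, 5 and 6 of the list above as iptables rules, as an added example that is not part of the original wiki page. The interface names (br0, vlan1), thresholds, chain names, the DNS allowance and the presence of the multiport, connlimit and recent match modules in the router build are assumptions.

```shell
#!/bin/sh
# Added example, not from the wiki page. Prints (does not apply) iptables rules
# for items 3a, 4, 5 and 6. Items 1-2 are not covered: traffic between PCs on
# the same subnet is switched/bridged and never reaches the FORWARD chain, so
# it is normally handled with wireless client isolation instead.
# Assumptions: interface names, thresholds, chain names, DNS being allowed, and
# a firmware build that includes the multiport, connlimit and recent matches.
LAN_IF="${LAN_IF:-br0}"        # assumed LAN bridge
WAN_IF="${WAN_IF:-vlan1}"      # assumed WAN interface
TCP_PORTS="${TCP_PORTS:-80,3128,8080,110,25}"  # ports named in item 3a
MAX_CONN="${MAX_CONN:-50}"     # item 4: concurrent TCP connections per source IP
BURST="${BURST:-20}"           # item 5: new connections (recent keeps 20 per IP by default)
WINDOW="${WINDOW:-10}"         # item 5: seconds the burst is counted over

build_rules() {
  cat <<EOF
iptables -N lanflood
iptables -A lanflood -m limit --limit 6/min -j LOG --log-prefix "LAN-FLOOD: "
iptables -A lanflood -j DROP
iptables -N lanout
iptables -A lanout -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A lanout -m state --state NEW -m recent --name lanflood --set
iptables -A lanout -m state --state NEW -m recent --name lanflood --update --seconds $WINDOW --hitcount $BURST -j lanflood
iptables -A lanout -p tcp --syn -m connlimit --connlimit-above $MAX_CONN -j DROP
iptables -A lanout -p udp --dport 53 -j ACCEPT
iptables -A lanout -p tcp --dport 53 -j ACCEPT
iptables -A lanout -p tcp -m multiport --dports $TCP_PORTS -j ACCEPT
iptables -A lanout -j DROP
iptables -I FORWARD -i $LAN_IF -o $WAN_IF -j lanout
EOF
}

build_rules   # review the output, then pipe it to sh on the router to apply
```

The LOG rule covers item 6 only as far as the kernel log: a source that trips the burst limit is written there with the LAN-FLOOD prefix, rate-limited to six entries a minute, and forwarding those entries by e-mail is left to whatever reads the syslog.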