Firewall

From DD-WRT Wiki

Revision as of 22:55, 27 June 2005 by Scott

Help prevent viruses/worms from congesting the internet...? It happened to my network: an infected PC made the whole network inaccessible.

http://wl500g.info/showthread.php?t=2515

http://forum.bsr-clan.de/ftopic1305.html


Firewall help?

This worm stuff is really slowing down a lot of my network traffic. After fixing one PC, another one comes along... It's an endless job when the users don't know how to block those worms using a firewall...

So, I plan to do it on the router side, which is on the Linksys and WL500g.

But I'm no Linux expert either...

So, anyone, please help. How do I set up rules like these:

1. Block all local connections (i.e., from IP 192.168.1.100 to 192.168.1.200, etc.), because the network is used only for internet access.

2. The only local connections allowed are, of course, between routers (Linksys, WL500g, etc.).

3a. Allow only certain ports to the internet (like web, proxy, mail: 80, 3128, 8080, 110, 25, etc.) and block all the rest, OR

3b. Block all ports that are known to be used by worms/viruses/etc. and allow all the rest.

4. Limit the maximum number of connections allowed per IP address?

5. Attack detection. If too many connections come from an IP, that IP is blocked for a few seconds. If the connections are on certain ports, that port is blocked for a few minutes.

6. Send an alert about those attacks, either to an email address and/or using Windows' net send protocol to the 'infected' IP and the admin's IP.


Can we apply a tarpit to slow down these worms?

Like this: http://www.securityfocus.com/infocus/1723
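
One way to express items 3a, 4 and 5 of the list above as iptables rules, with blocked traffic logged to syslog in place of the e-mail/net send alert in item 6 (an added example, not part of the original wiki page or the DD-WRT project). The interface `br0`, the chain names and the thresholds are assumptions, as is a kernel that provides the multiport, iprange, connlimit, recent, limit and state modules. Traffic between two LAN clients is switched without reaching the router's FORWARD chain, so item 1 is not covered here, and plain DROP stands in for a tarpit.

```shell
#!/bin/sh
# Added example: rule generator for the client restrictions listed above.
# Everything below is an assumption to adapt, not DD-WRT's own configuration.
LAN_IF="br0"                               # LAN bridge interface (assumed)
CLIENTS="192.168.1.100-192.168.1.200"      # client range from item 1
ALLOWED_TCP="80,3128,8080,110,25"          # ports from item 3a
MAX_CONN=50      # item 4: concurrent TCP connections allowed per client
BURST_HITS=20    # item 5: new connections ... (recent's default list size is 20)
BURST_SECS=10    # ... within this many seconds trigger a temporary block

# Print the ruleset so it can be reviewed before anything is applied.
gen_rules() {
    cat <<EOF
iptables -N BLOCKED
iptables -A BLOCKED -m limit --limit 6/min -j LOG --log-prefix "CLIENT-BLOCK: "
iptables -A BLOCKED -j DROP
iptables -N CLIENT_OUT
iptables -A CLIENT_OUT -m state --state ESTABLISHED,RELATED -j RETURN
iptables -A CLIENT_OUT -m recent --name burst --set
iptables -A CLIENT_OUT -m recent --name burst --update --seconds $BURST_SECS --hitcount $BURST_HITS -j BLOCKED
iptables -A CLIENT_OUT -p tcp --syn -m connlimit --connlimit-above $MAX_CONN -j BLOCKED
iptables -A CLIENT_OUT -p tcp -m multiport --dports $ALLOWED_TCP -j RETURN
iptables -A CLIENT_OUT -j BLOCKED
iptables -I FORWARD 1 -i $LAN_IF -m iprange --src-range $CLIENTS -j CLIENT_OUT
EOF
}
# Rule order inside CLIENT_OUT:
#   1. packets of already accepted connections return to the normal rules
#   2. every new connection attempt is recorded per source IP ...
#   3. ... and a source over the burst limit is dropped until it has been
#      quiet for BURST_SECS (--update refreshes the timer on each attempt)
#   4. a source holding more than MAX_CONN TCP connections gets no new ones
#   5. allowed ports return to the router's existing FORWARD rules
#   6. everything else from the client range is logged (rate limited) and dropped
# DNS is assumed to be answered by the router itself, so it never hits FORWARD.

case "${1:-}" in
    print) gen_rules ;;         # review only
    apply) gen_rules | sh ;;    # run as root on the router
esac
```

Run it with `print` first and check the output against the router's existing FORWARD rules before using `apply`.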