Re: Basic IPTable filter
"Tino Didriksen" <news@projectjj.dk> wrote in news:3ef868fc$0$76092$edfadb0f@dread11.news.tele.dk:
> How secure would this setup be in a firewall sense?
>
> Incoming packets (INPUT)
> --Default action: Drop
> Accept If protocol is ICMP and rate is less than 5/sec
You can allow those from your ISP or NOC only (except if YOU are an ISP ;-)
> Accept If protocol is UDP and destination ports are 123
It's up to you ;-)
> Accept If protocol is TCP and destination ports are
> 80,21,22,25,110,443,225,995
I don't know what you have on port 225.
Your potential problem could be a vulnerability in any of the allowed
services. I presume that this firewall is protecting a DMZ and the
firewall host itself isn't running ANYTHING other than the firewall...
> Accept If state of connection is ESTABLISHED,RELATED
>
> Outgoing packets (OUTPUT)
> --Default action: Accept
If you don't want to be nasty to your users... ;-)
> Accept If rate is less than 2000/sec and burst rate is less than 2000
> Accept If protocol is ICMP and rate is less than 5/sec
> Drop If protocol is ICMP
Cheers,
--
Nekromancer
"The level of knowledge acquired is
inversely proportional to the temperature of the coffee"
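The quoted ruleset written out as an iptables script, with the reply's suggestion applied so that inbound ICMP is accepted only from the ISP/NOC networks. This is an added example, not code from either poster; the MONITOR_NETS ranges are constructed placeholders and the script only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the thread): the quoted INPUT/OUTPUT policy as an
# iptables script, with the reply's suggestion applied: ICMP is accepted only
# from the ISP/NOC networks. MONITOR_NETS holds constructed placeholder
# ranges (RFC 5737 TEST-NET); replace them with the real monitoring addresses.
# Without APPLY=1 the script only prints the commands it would run.

MONITOR_NETS="${MONITOR_NETS:-192.0.2.0/24 198.51.100.0/24}"
SERVICE_PORTS="80,21,22,25,110,443,225,995"   # ports listed in the quoted post

ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        echo "iptables $*"
    fi
}

build_rules() {
    ipt -P INPUT DROP          # default action: drop
    ipt -P OUTPUT ACCEPT       # default action: accept
    ipt -F INPUT
    ipt -F OUTPUT
    # Replies to connections this host opened; placed first because it
    # matches most traffic.
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # ICMP only from the monitoring networks, rate-limited to 5/sec
    # (the limit module's default burst of 5 applies).
    for net in $MONITOR_NETS; do
        ipt -A INPUT -p icmp -s "$net" -m limit --limit 5/second -j ACCEPT
    done
    ipt -A INPUT -p udp --dport 123 -j ACCEPT                        # NTP
    ipt -A INPUT -p tcp -m multiport --dports "$SERVICE_PORTS" -j ACCEPT
    # OUTPUT: the ICMP pair must precede the general rate-limit ACCEPT,
    # otherwise nearly all outbound ICMP is accepted before the DROP is seen.
    ipt -A OUTPUT -p icmp -m limit --limit 5/second -j ACCEPT
    ipt -A OUTPUT -p icmp -j DROP
    ipt -A OUTPUT -m limit --limit 2000/second --limit-burst 2000 -j ACCEPT
}

build_rules
```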