This is a discussion on Basic IPTable filter within the Linux Security forums, part of the System Security and Security Related category.
How secure would this setup be in a firewall sense?

Incoming packets (INPUT)
--Default action: Drop
Accept If protocol is ICMP and rate is less than 5/sec
Accept If protocol is UDP and destination ports are 123
Accept If protocol is TCP and destination ports are 80,21,22,25,110,443,225,995
Accept If state of connection is ESTABLISHED,RELATED

Outgoing packets (OUTPUT)
--Default action: Accept
Accept If rate is less than 2000/sec and burst rate is less than 2000
Accept If protocol is ICMP and rate is less than 5/sec
Drop If protocol is ICMP

-- Tino Didriksen
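The policy above, rendered as an iptables-restore ruleset so it can be reviewed and dry-run before it is loaded. This is an added example, not a script from the thread or from Tino: it assumes the conntrack match for the ESTABLISHED,RELATED rule, keeps the port list exactly as posted (225 included), and leaves the FORWARD chain alone because the post says nothing about it.

```shell
#!/bin/sh
# Added example (not from the thread): emits the described filter policy in
# iptables-restore format. Nothing is loaded into the kernel by this script;
# review the output, then dry-run it with: gen_rules | iptables-restore --test

gen_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Incoming ICMP only while it stays under 5 packets per second (limit match,
# default burst of 5); anything above that falls through to the DROP policy.
-A INPUT -p icmp -m limit --limit 5/second -j ACCEPT
# Incoming NTP.
-A INPUT -p udp --dport 123 -j ACCEPT
# The listed TCP services; 225 is kept as given in the post.
-A INPUT -p tcp -m multiport --dports 80,21,22,25,110,443,225,995 -j ACCEPT
# Replies to connections this host (or a permitted service) already opened.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Outgoing: overall rate cap, then ICMP cap, then drop ICMP above the cap.
-A OUTPUT -m limit --limit 2000/second --limit-burst 2000 -j ACCEPT
-A OUTPUT -p icmp -m limit --limit 5/second -j ACCEPT
-A OUTPUT -p icmp -j DROP
COMMIT
EOF
}

# Convenience check: how many rules does the generated policy hold per chain?
count_rules() {
    # $1 is the chain name, e.g. INPUT or OUTPUT
    gen_rules | grep -c -- "^-A $1 "
}

# Print the ruleset when run directly.
gen_rules
```

Two things worth noticing once the policy is written out this way. With OUTPUT defaulting to ACCEPT, the first OUTPUT rule (the 2000/sec cap) accepts packets that the policy would have accepted anyway, so it changes nothing on its own; it only matters because it is evaluated before the two ICMP rules, and ICMP that slips under the 2000/sec cap never reaches the ICMP-specific limit. On INPUT, everything not matched falls to the DROP policy, which is what makes the per-port list the real attack surface, as the reply below points out.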
"Tino Didriksen" <news@projectjj.dk> wrote in news:3ef868fc$0$76092$edfadb0f@dread11.news.tele.dk:

> How secure would this setup be in a firewall sense?
>
> Incoming packets (INPUT)
> --Default action: Drop
> Accept If protocol is ICMP and rate is less than 5/sec

You can allow those from your ISP or NOC only (except if YOU are an ISP ;-)

> Accept If protocol is UDP and destination ports are 123

It's up to you ;-)

> Accept If protocol is TCP and destination ports are
> 80,21,22,25,110,443,225,995

I don't know what you have in port 225. Your potential problem could be a vulnerability in any of the allowed services. I presume that this firewall is protecting a DMZ and the firewall host itself isn't running ANYTHING other than the firewall...

> Accept If state of connection is ESTABLISHED,RELATED
>
> Outgoing packets (OUTPUT)
> --Default action: Accept

If you don't want to be nasty to your users... ;-)

> Accept If rate is less than 2000/sec and burst rate is less than 2000
> Accept If protocol is ICMP and rate is less than 5/sec
> Drop If protocol is ICMP

Cheers,
-- Nekromancer
"The level of knowledge acquired is inversely proportional to the temperature of the coffee"