rules examples (how to improve?)

Greetings,

I've been using the rules below, which are admittedly a quick hack. Can someone suggest a better set? 

penelope is the server handling all the allowed rules indicated; indigo-net is the internal network.


Cheers,
-zeek


   from                 svc             server            action

1  Any                  FTP             penelope          Allow
2  Any                  FTP-CONTROL     penelope          Allow
3  Any                  HTTP            penelope          Allow
4  Any                  SMTP            penelope          Allow
5  indigo-net           netbios         Any               Drop
6  indigo-net           Any             Any               Allow
7  Any                  Any             indigo-net-bcast  Drop
8  Any                  SSH             penelope          Allow

----


  • You could combine the various allowed services into a single group and reduce the number of rules.

    1 Any {allowed-services} penelope allow
    2 indigo-net {netbios} any drop
    3 indigo-net any any allow
    etc

    {allowed-services} would be:
          FTP & Control, HTTP, SMTP, SSH and possibly HTTPS

    Sean
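
The consolidation suggested in the reply above can be checked mechanically before it replaces a working rule set. The following is an added example, not part of either post and not Sophos code: it compares the eight original rules with the grouped version and shows what changes if HTTPS joins the group. It assumes top-down first-match evaluation with a default drop, compares names as plain labels (the `internet` zone and the `DNS` probe service are constructed), and reads the reply's "etc" as the remaining broadcast drop rule.

```python
# Added example: first-match evaluation of the thread's two rule sets.
# Assumptions (not from the thread): rules are checked top-down, first match
# wins, unmatched traffic is dropped, and "Any" matches every value.

ORIGINAL = [  # the eight rules from the original post
    ("Any", {"FTP"}, "penelope", "Allow"),
    ("Any", {"FTP-CONTROL"}, "penelope", "Allow"),
    ("Any", {"HTTP"}, "penelope", "Allow"),
    ("Any", {"SMTP"}, "penelope", "Allow"),
    ("indigo-net", {"netbios"}, "Any", "Drop"),
    ("indigo-net", "Any", "Any", "Allow"),
    ("Any", "Any", "indigo-net-bcast", "Drop"),
    ("Any", {"SSH"}, "penelope", "Allow"),
]

ALLOWED_SERVICES = {"FTP", "FTP-CONTROL", "HTTP", "SMTP", "SSH"}

def grouped(services):
    """Rule set from the reply; the bcast drop rule stands in for its 'etc'."""
    return [
        ("Any", set(services), "penelope", "Allow"),
        ("indigo-net", {"netbios"}, "Any", "Drop"),
        ("indigo-net", "Any", "Any", "Allow"),
        ("Any", "Any", "indigo-net-bcast", "Drop"),
    ]

def decide(rules, src, svc, dst):
    """Return the action of the first matching rule, or Drop if none match."""
    for r_src, r_svc, r_dst, action in rules:
        if (r_src in ("Any", src) and r_dst in ("Any", dst)
                and (r_svc == "Any" or svc in r_svc)):
            return action
    return "Drop"

def differences(rules_a, rules_b):
    """List every (src, svc, dst) on which the two rule sets disagree."""
    sources = ["internet", "indigo-net"]          # constructed sample zones
    services = sorted(ALLOWED_SERVICES | {"HTTPS", "netbios", "DNS"})
    dests = ["penelope", "indigo-net-bcast", "internet"]
    return [(s, v, d) for s in sources for v in services for d in dests
            if decide(rules_a, s, v, d) != decide(rules_b, s, v, d)]

if __name__ == "__main__":
    print("grouped vs original:", differences(ORIGINAL, grouped(ALLOWED_SERVICES)))
    print("with HTTPS added:   ",
          differences(ORIGINAL, grouped(ALLOWED_SERVICES | {"HTTPS"})))
```

Under these assumptions the grouped rules decide every sampled flow the same way as the original eight, and adding HTTPS to the group opens exactly one new flow: external HTTPS to penelope.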