Can't seem to close Port 53 even with explicit firewall. The other ports are a mix of closed and stealthed. I would prefer all of them to be stealthed.
I would guess that 53 is open because of the configuration in 'Web Services >> DNS' 'Allowed networks'. Do you have "Internet" or "Any" in there?
To "stealth" a port, you can take advantage of what I call Rule #2:
In general, a packet arriving at an interface is handled only by one of the following, in order: DNATs first, then VPNs and Proxies and, finally, manual Routes and Firewall rules.
So, make a Network Group "Public IPs" that contains all of the public-facing "(Address)" objects created by WebAdmin when Interfaces and Additional Addresses were defined. Also, create a Services Group "Stealth" that contains the services you want to hide. Finally, create a NAT rule 'DNAT : Internet -> Stealth -> Public IPs : to {non-existant IP}'.
I would guess that 53 is open because of the configuration in 'Web Services >> DNS' 'Allowed networks'. Do you have "Internet" or "Any" in there?
To "stealth" a port, you can take advantage of what I call Rule #2:
In general, a packet arriving at an interface is handled only by one of the following, in order: DNATs first, then VPNs and Proxies and, finally, manual Routes and Firewall rules.
So, make a Network Group "Public IPs" that contains all of the public-facing "(Address)" objects created by WebAdmin when Interfaces and Additional Addresses were defined. Also, create a Services Group "Stealth" that contains the services you want to hide. Finally, create a NAT rule 'DNAT : Internet -> Stealth -> Public IPs : to {non-existant IP}'.
