求教诸位大大这样设置防火墙全局规则安全否

显示全部楼层 · 发表于 2010-6-28 21:08:26

本帖最后由加菲猫于 2010.6.28 21:10 编辑

显示全部楼层 · 发表于 2010-6-28 21:47:49

你的P2P端口都没开放，迅雷下载吗

危险端口也没阻止外连。。。倒是阻止了特权端口。。。

你这种写法应该会有很多ICMP的日志的。。。呵呵

显示全部楼层 · 发表于 2010-6-29 18:23:36

本帖最后由 liudianshui 于 2010.6.29 18:27 编辑

个人comodo防火墙全局规则

显示全部楼层 · 发表于 2010-7-17 13:54:07

个人comodo防火墙全局规则
liudianshui 发表于 2010.6.29 18:23

具体怎么设置的哦？
请指教

显示全部楼层 · 发表于 2010-7-17 16:28:02

本帖最后由 liudianshui 于 2010.7.17 16:35 编辑

(1)局域网规则，
Block IP out from not 本机mac地址 to ip any where protocol is any
禁止非本机mac外联
Block IP out from ip not 本机ip to ip any where protocol is any
禁止非本机ip外联

(2)阻止一切危险出的规则
Block And Log TCP OR UDP Out From IP Any To IP Any Where Source Port Is In [Privileged and Dangerous Ports] And Destination Port Is Any
阻止和记录特权端口和危险端口的连出,一般用户不会用到特权和危险端口。

(3)允许 in 的规则
Allow TCP In From IP Any To IP Any Where Source Port Is In [Dynamic Ports 1025-65535] And Destination Port Is In [P2P TCP In]
P2P TCP In
Allow UDP In From IP Any To IP Any Where Source Port Is In [Dynamic Ports 1025-65535] And Destination Port Is In [P2P UDP In]
P2P UDP In
Allow TCP In From IP Any To IP Any Where Source Port Is 20 And Destination Port Is In [Dynamic Ports 1025-65535]
主动FTP In

(4)一般网络应用规则
Allow TCP OR UDP Out From IP Any To IP Any Where Source Port Is In [Dynamic Ports 1025-65535] And Destination Port Is Any
允许一般的网络应用

(5)ICMP规则
Allow ICMP Out From IP Any to IP Any Where ICMP Message Is ECHO REQUEST
允许 ICMP 回显请求
Allow ICMP In From IP Any to IP Any Where ICMP Message Is ECHO REPLY
允许 ICMP 回显应答
Allow ICMP In From IP Any to IP Any Where ICMP Message Is FRAGMENTATION NEEDED
允许 ICMP需要分片
Allow ICMP In From IP Any to IP Any Where ICMP Message Is TIME EXCEEDED
允许 ICMP 超时
Allow ICMP In From IP Any to IP Any Where ICMP Message Is PORT UNREACHABLE
允许 ICMP 端口不可达

(6)阻止一切进出规则
Block And Log IP In/Out From IP Any To IP Any Where Protocol Is Any
阻止一切连接

[求助] 求教诸位大大这样设置防火墙全局规则安全否

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块

[求助] 求教诸位大大 这样设置防火墙全局规则安全否

本帖子中包含更多资源

本帖子中包含更多资源

浏览过的版块

[求助] 求教诸位大大这样设置防火墙全局规则安全否