www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 
 SearchSearch  RegisterRegister  UsergroupsUsergroups 
 ProfileProfile  Log inLog in  Log in to check your private messagesPrivate Message 

Firewall Setup

 
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> ZeroShell
View previous topic :: View next topic  
Author Message
nospoftombl



Joined: 26 Oct 2015
Posts: 2

PostPosted: Tue Oct 27, 2015 6:07 pm    Post subject: Firewall Setup Reply with quote

Hi,

I read many posts on this forum and some of the documentation about zeroshell available on the homepage but I'm still not sure about the following question:

If I run zeroshell as firewall (ADSL-Router -> zeroshell -> LAN / WLAN) is it sufficient secure to leave the default policies on ACCEPT? Does zeroshell guarantee in the default-setup that no unwanted packets get into my LAN by dropping them if no virtual server is set up which forwards these?

If not and I have to change the default policies to DROP is there a guide or tutorial for this kind of setup which tells what rules to add to the chains to get internet access, mails etc. from the LAN running?
Back to top
View user's profile Send private message
igork



Joined: 16 Oct 2015
Posts: 29

PostPosted: Tue Oct 27, 2015 9:39 pm    Post subject: Reply with quote

Why would you want to be ACCEPT? It is always more secure to use DROP.
Back to top
View user's profile Send private message
nospoftombl



Joined: 26 Oct 2015
Posts: 2

PostPosted: Tue Oct 27, 2015 10:09 pm    Post subject: Reply with quote

Well, because it's the default? And the default-setup for a firewall-product should be a reasonable setting, isn't it?

The consequences if using DROP on all chains is - if I understand that right - that I have to specify every single rule for packets passing the firewall for myself, or are there settings for the iptables "built in" zeroshell which handles most / some commonly used cases (as for the default-setup ACCEPT)???
Back to top
View user's profile Send private message
igork



Joined: 16 Oct 2015
Posts: 29

PostPosted: Tue Oct 27, 2015 10:20 pm    Post subject: Reply with quote

I do not think so. Default ACCEPT means to allow all traffic and I would not leave it like this.

Not sure why it is done ACCEPT, maybe because it is not necessarily works as a firewall too. All those modules are options, but, if you want to use them, you have to start modifications.

This how I think about this, but I could be wrong.
Back to top
View user's profile Send private message
reaperz



Joined: 13 Apr 2012
Posts: 93

PostPosted: Tue Nov 10, 2015 12:22 pm    Post subject: Reply with quote

I am sure default policy is ACCEPT because it is more user-friendly.

I use ACCEPT at home too. I leave DROP for work, I have enough trouble managing networks there (zeroshell or other FW, does not matter).
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> ZeroShell All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group