Firewall Rules – Bridge Mode


This topic contains 0 replies, has 0 voices, and was last updated by  SupaJ 9 years, 6 months ago.

  • #42198

    SupaJ
    Member

    This is my setup:

    Internet — Windoze Server — ZeroShell VM appliance(Bridge Mode) — Switch — LAN

    I’m trying to block all internet traffic except http (tcp port 80). I also want all netbios services on the server, so I need to open ports (tcp 137:139, 445).

    Below are the default firewall policies and rules. Am I going about this the right way? If you look at my rules carefully you will notice that I’ve created Forward Rules for both ETH00 and ETH01 to allow me to access websites. The same goes for the other forward rules. Is this how it is done, or is there a simpler way? Also, I’d appreciate it if anyone could point me to any documentation on configuring these rules in ZeroShell. Thanks much.

    Policy DROP   Chain FORWARD
    Policy DROP   Chain INPUT
    Policy ACCEPT Chain OUTPUT

    FORWARD Rules
    Seq Input Output Description
    1   ETH00 *      ACCEPT udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 udp dpt:53
    2   ETH01 *      ACCEPT udp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 PHYSDEV match --physdev-in ETH01 udp spt:53
    3   ETH00 *      ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 tcp dpt:80
    4   ETH01 *      ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 PHYSDEV match --physdev-in ETH01 tcp spt:80
    5   ETH00 *      ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 tcp dpts:137:139
    6   ETH00 *      ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 tcp spts:137:139
    7   ETH00 *      ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 PHYSDEV match --physdev-in ETH00 tcp dpt:445
    8   ETH01 *      ACCEPT tcp opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 PHYSDEV match --physdev-in ETH01 tcp spt:445

    INPUT Rules
    Seq Input Output Description
    1   ETH00 *      ACCEPT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 PHYSDEV match --physdev-in ETH00
    2   *     *      ACCEPT all opt -- in * out * 0.0.0.0/0 -> 0.0.0.0/0 state RELATED,ESTABLISHED
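Added example, not part of the thread and not ZeroShell code: a small model of the FORWARD chain posted above, placed beside a stateful variant and evaluated on constructed packets, to show what the source-port return rules (seq 2, 4, 8) admit that a state match would not. It assumes ETH00 faces the LAN and ETH01 faces the server side, which is what the dpt/spt direction of the posted rules suggests.

```python
# Added example (not from the thread, not ZeroShell code): the posted FORWARD
# chain modelled beside a stateful variant and run over constructed packets.
# Assumes ETH00 faces the LAN and ETH01 the server side (dpt/spt direction).
ACCEPT = "ACCEPT"

# Posted FORWARD rules: each key is a criterion the packet must meet; a range
# stands for a port range such as 137:139.
POSTED_FORWARD = [
    {"in": "ETH00", "proto": "udp", "dport": 53, "verdict": ACCEPT},
    {"in": "ETH01", "proto": "udp", "sport": 53, "verdict": ACCEPT},
    {"in": "ETH00", "proto": "tcp", "dport": 80, "verdict": ACCEPT},
    {"in": "ETH01", "proto": "tcp", "sport": 80, "verdict": ACCEPT},
    {"in": "ETH00", "proto": "tcp", "dport": range(137, 140), "verdict": ACCEPT},
    {"in": "ETH00", "proto": "tcp", "sport": range(137, 140), "verdict": ACCEPT},
    {"in": "ETH00", "proto": "tcp", "dport": 445, "verdict": ACCEPT},
    {"in": "ETH01", "proto": "tcp", "sport": 445, "verdict": ACCEPT},
]

# Stateful variant: one ESTABLISHED rule admits replies to connections the
# LAN opened, so no source-port rule is needed on ETH01.
STATEFUL_FORWARD = [
    {"state": "ESTABLISHED", "verdict": ACCEPT},
    {"in": "ETH00", "proto": "udp", "dport": 53, "verdict": ACCEPT},
    {"in": "ETH00", "proto": "tcp", "dport": 80, "verdict": ACCEPT},
    {"in": "ETH00", "proto": "tcp", "dport": range(137, 140), "verdict": ACCEPT},
    {"in": "ETH00", "proto": "tcp", "dport": 445, "verdict": ACCEPT},
]

def matches(rule, pkt):
    """A rule matches when every criterion it names agrees with the packet."""
    for key, want in rule.items():
        if key == "verdict":
            continue
        have = pkt.get(key)
        if (have not in want) if isinstance(want, range) else (have != want):
            return False
    return True

def verdict(chain, pkt, policy="DROP"):
    """First matching rule wins, as in iptables; otherwise the chain policy."""
    for rule in chain:
        if matches(rule, pkt):
            return rule["verdict"]
    return policy

# Constructed packets: a LAN web request, its reply, and a NEW connection
# entering on ETH01 that merely uses source port 80.
WEB_REQUEST = {"in": "ETH00", "proto": "tcp", "sport": 51000, "dport": 80, "state": "NEW"}
WEB_REPLY = {"in": "ETH01", "proto": "tcp", "sport": 80, "dport": 51000, "state": "ESTABLISHED"}
SPORT80_NEW = {"in": "ETH01", "proto": "tcp", "sport": 80, "dport": 8080, "state": "NEW"}
```

Both chains accept the request and its reply, but only the posted chain accepts SPORT80_NEW, because rule 4 checks the source port rather than connection state. In iptables terms the stateful rule is the same state RELATED,ESTABLISHED match the poster already uses in the INPUT chain, placed at the top of FORWARD.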

    #49604

    ppalias
    Member

    Seems to be ok, if it doesn’t work for you, you can switch from physical interfaces to the BRIDGE00 interface.
