Firewall Setup


This topic contains 3 replies, has 0 voices, and was last updated by  nospoftombl 3 years, 3 months ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • #44420

    nospoftombl
    Member

    Hi,

    I read many posts on this forum and some of the documentation about zeroshell available on the homepage but I’m still not sure about the following question:

    If I run zeroshell as firewall (ADSL-Router -> zeroshell -> LAN / WLAN) is it sufficiently secure to leave the default policies on ACCEPT? Does zeroshell guarantee in the default-setup that no unwanted packets get into my LAN by dropping them if no virtual server is set up which forwards these?

    If not and I have to change the default policies to DROP is there a guide or tutorial for this kind of setup which tells what rules to add to the chains to get internet access, mails etc. from the LAN running?

    #53939

    igork
    Member

    Why would you want it to be ACCEPT? It is always more secure to use DROP.

    #53940

    nospoftombl
    Member

    Well, because it’s the default? And the default-setup for a firewall-product should be a reasonable setting, shouldn’t it?

    The consequence of using DROP on all chains is – if I understand that right – that I have to specify every single rule for packets passing the firewall myself, or are there settings for the iptables “built in” zeroshell which handle most / some commonly used cases (as for the default-setup ACCEPT)???

    #53941

    igork
    Member

    I do not think so. Default ACCEPT means to allow all traffic and I would not leave it like this.

    Not sure why it is set to ACCEPT, maybe because it does not necessarily work as a firewall too. All those modules are options, but, if you want to use them, you have to start making modifications.

    This is how I think about this, but I could be wrong.

    #53942

    reaperz
    Member

    I am sure default policy is ACCEPT because it is more user-friendly.

    I use ACCEPT at home too. I leave DROP for work, I have enough trouble managing networks there (zeroshell or other FW, does not matter).
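
For the default-DROP setup asked about in the first post, a minimal ruleset in standard iptables-restore format is sketched below. It is an added example, not part of any post in this thread and not ZeroShell's own configuration; the interface names `lan0` and `wan0` and both function names are assumptions.

```shell
#!/bin/sh
# Added example: generate a default-DROP ruleset for a box sitting between an
# ADSL router (WAN side) and the LAN. Interface names are assumptions.
gen_ruleset() {
    lan_if="${1:-lan0}"   # assumed LAN-side interface
    wan_if="${2:-wan0}"   # assumed interface towards the ADSL router
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies belonging to connections that were already allowed
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Packets that connection tracking cannot match to any flow
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# Loopback, and access to the firewall itself from the LAN side only
-A INPUT -i lo -j ACCEPT
-A INPUT -i ${lan_if} -j ACCEPT
# LAN clients may open new outbound connections (web, mail, DNS and so on)
-A FORWARD -i ${lan_if} -o ${wan_if} -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Read a ruleset on stdin and print every rule that accepts packets arriving
# on the given WAN interface. No output means nothing is admitted from outside
# except replies to LAN-initiated traffic.
wan_accept_rules() {
    grep -E -- "^-A (INPUT|FORWARD) .*-i $1 .*-j ACCEPT" || true
}
```

As root, `gen_ruleset lan0 wan0 | iptables-restore --test` parses the rules without committing them.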
