Re: Portmaster FireWall

John G. Thompson (jgt10@livingston.com)
Mon, 21 Oct 1996 09:58:27 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: John Jamerson: "Setting up/using radius.dbm"
Previous message: Matthew S. Crocker: "Re: Livingston undeliverables..."
In reply to: Steven R. Johnson: "Portmaster FireWall"

On Fri, 18 Oct 1996, Steven R. Johnson wrote:
>
> Hello, I have the Livingston FireWall. How do I set it up so people cant
> spoof my IP addresses? Can someone help me out with this? thanks

Steve,

You may want to get the firewall app notes off the Livingston web page.
Customer Service -> App notes ...

Bascially, the filter depends on you internal network address, call it
a.b.c.0 and a class C netmask (/24, 255.255.255.0)

The usual setup is that your internet connection comes in on the S1 port,
adjust for your exact situation.

Command> add fil sp.in
Command> set fil sp.in 1 deny a.b.c.0/24 0.0.0.0/0
Command> set fil sp.in 2 permit 0.0.0.0/0 a.b.c.0/24
Command> set fil sp.in 3 permit 0.0.0.0/0 a.b.c.0/24 icmp
Command> set s1 if sp.in
Command> save all
Command> res s1

Rule 1 is your ip spoofing protection.

Rule 2 allows all other IP traffic to your netowrk.

Rule 3 allows icmp traffic.

Any other traffic not matched by the above 3 rules is denied.

Hope that helps!

JGT
internet petrochemical primate

--
John G. Thompson      Livingston Enterprises Inc.    Phone: (800) 458-9966
JOAT(MON)             6920-220 Koll Centre Pkwy.       Fax: (510) 426-8951
support@livingston.com Pleasanton, CA 94566      http://www.livingston.com

Next message: John Jamerson: "Setting up/using radius.dbm"
Previous message: Matthew S. Crocker: "Re: Livingston undeliverables..."
In reply to: Steven R. Johnson: "Portmaster FireWall"