
Block Everything Inbound Except Reverse-Proxy and VPN

I'd like to cut down on the Default DROP lines in the firewall logs that result from all the TELNET, SSH, SIP, etc. probes I get on my WAN interface.  I know that the only externally-initiated traffic I support is HTTP/HTTPS to the reverse-proxy, TCP to the alternate port I use for the User Portal, IPSEC for a couple of site-to-site tunnels, and L2TP for remote-access VPN users.  

I'm thinking about creating rules to specifically allow these with a "DROP ANY:ANY->WAN:ANY" rule after.  Do I need to include rules to allow inbound IPSEC and L2TP, or does that traffic get handled earlier (i.e. BAlfson's Rule #2)?
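As an added example (not from the original post and not a Sophos UTM configuration), here is a small first-match evaluator in Python that models the rule table described above: explicit allows for the reverse proxy, the alternate User Portal port, IPsec and L2TP, then logged drops for only the noisy probe ports, then a silent catch-all drop. The alternate User Portal port (4443) and the sample source addresses are assumptions; the VPN ports are the standard ones (IKE UDP 500, NAT-T UDP 4500, ESP IP protocol 50, L2TP UDP 1701). It does not model whether Sophos UTM consumes VPN traffic before the firewall rules are consulted; it only shows what a plain first-match table does if those allow lines are present or absent.

```python
"""First-match evaluator for a WAN-inbound allow list with a catch-all drop.

Added illustration, not Sophos UTM code. Ports and addresses below are
assumed sample values, not taken from the original post.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str              # "tcp", "udp" or "esp"
    dport: Optional[int]    # None for protocols without ports (ESP)
    src: str                # constructed sample address


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                                            # "allow" or "drop"
    proto: Optional[str] = None                            # None matches any protocol
    dports: frozenset = field(default_factory=frozenset)   # empty set matches any port
    log: bool = False                                      # write a log line on a hit

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dports and pkt.dport not in self.dports:
            return False
        return True


USER_PORTAL_PORT = 4443  # assumption: the poster's alternate User Portal port is not given

WAN_INBOUND_RULES = [
    Rule("reverse-proxy",          "allow", "tcp", frozenset({80, 443})),
    Rule("user-portal-alt-port",   "allow", "tcp", frozenset({USER_PORTAL_PORT})),
    Rule("ipsec-ike",              "allow", "udp", frozenset({500, 4500})),  # IKE and NAT-T
    Rule("ipsec-esp",              "allow", "esp"),                           # IP protocol 50
    Rule("l2tp",                   "allow", "udp", frozenset({1701})),
    Rule("drop-ssh-telnet-logged", "drop",  "tcp", frozenset({22, 23}), log=True),
    Rule("drop-sip-logged",        "drop",  "udp", frozenset({5060}),   log=True),
    Rule("default-drop",           "drop"),  # silent catch-all: the "DROP ANY:ANY->WAN:ANY" line
]


def evaluate(rules, pkt):
    """Return (rule name, action, logged) for the first rule that matches pkt."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.name, rule.action, rule.log
    raise ValueError("no rule matched; the table needs a catch-all")


def without_vpn_allows(rules):
    """The same table with the IPsec and L2TP allow lines removed."""
    return [r for r in rules if not r.name.startswith(("ipsec", "l2tp"))]


# Constructed sample packets, not captured traffic.
SAMPLE_TRAFFIC = [
    Packet("tcp", 443, "203.0.113.10"),              # reverse proxy
    Packet("tcp", USER_PORTAL_PORT, "203.0.113.11"),  # user portal
    Packet("udp", 500, "198.51.100.20"),             # IKE from a site-to-site peer
    Packet("esp", None, "198.51.100.20"),            # ESP from the same peer
    Packet("udp", 1701, "198.51.100.30"),            # L2TP remote-access user
    Packet("tcp", 22, "192.0.2.40"),                 # SSH probe
    Packet("tcp", 23, "192.0.2.41"),                 # TELNET probe
    Packet("udp", 5060, "192.0.2.42"),               # SIP probe
    Packet("tcp", 3389, "192.0.2.43"),               # RDP probe, dropped silently
    Packet("udp", 161, "192.0.2.44"),                # SNMP probe, dropped silently
]


def summarize(rules, packets):
    """Count allowed packets, logged drops and silent drops over a sample."""
    counts = {"allow": 0, "drop-logged": 0, "drop-silent": 0}
    for pkt in packets:
        _, action, logged = evaluate(rules, pkt)
        if action == "allow":
            counts["allow"] += 1
        elif logged:
            counts["drop-logged"] += 1
        else:
            counts["drop-silent"] += 1
    return counts


if __name__ == "__main__":
    for pkt in SAMPLE_TRAFFIC:
        print(pkt.proto, pkt.dport, "->", evaluate(WAN_INBOUND_RULES, pkt))
    print("with VPN allows:   ", summarize(WAN_INBOUND_RULES, SAMPLE_TRAFFIC))
    print("without VPN allows:", summarize(without_vpn_allows(WAN_INBOUND_RULES), SAMPLE_TRAFFIC))
```

The second summary is the check worth doing before adding a catch-all drop on any platform: if the IPsec and L2TP allow lines are left out and nothing earlier in the pipeline claims that traffic, IKE, ESP and L2TP all fall through to the silent default drop, so the tunnels stop working and nothing in the log says why.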



  • Your idea should work, Paul.  My personal preference would be to see some failed attempts in the log, maybe just dropping the obvious hack attempts like SIP, SSH, TELNET, etc.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I don't need to account for traffic bound for the user portal, reverse-proxy, or VPN in my ALLOW lines before that DROP-everything line, right?
