background preloader

Firewall, Tutorials & Guides

Facebook Twitter

Untitled. The Ins and Outs of Bi-directional Firewall Rules - Forefront TMG Reporting. 2inShare When I look at firewalls rule sets maintained by other companies, I often notice the same common mistakes.

The Ins and Outs of Bi-directional Firewall Rules - Forefront TMG Reporting

The one is see most often is potentially the worst. I can speculate on a number of reasons how these rules actually get defined and implemented, but it all comes down to the same thing. They way traffic is evaluated and processed by a firewall is not always understood correctly. The result is a rule that looks like this. The thinking being that the client needs a way to connect to the web server and that the web server needs a way to connect back to the client.

Dissecting a Firewall Rule The very essence of a firewall is to limit or restrict unwanted traffic, it does this by evaluating specific criteria. Source IP addressSource PortDestination IP addressDestination PortProtocol For a TCP rule such as HTTP, the following three step handshake applies: The source or client is the computer initiating the conversation with a SYN packet. Untitled. Inbound vs. Outbound traffic confusion - Ars Technica OpenForum. /EDIT: I thought a bit, previously I was in a hurry. I know that acknowledgement packets must be transmitted all the time, so "traffic" is more complicated than one way ore another. There is a whole world of package-types. But I meant particulary for the flow. For the specific direction of data flow, I thought that some types of traffic are obviously different from others (so classified differently), in meaning that some types of connections, for example the one IRC uses (I really don't know if it is one-to-one or through server), various online chat rooms, etc. are established "both ways" directly between two computers for all the time of some particular session.

Then further DNS, various ICM traffic (like echo replies) are also "both ways" in a way, but I didn't imagined them as "established", but rather as a small confirmating/checking/verifying packets, because (at least am sure for DNS), there must be a request and response, for the computer's-IP-resolving task to complete. Cheers. VMware NSX Distributed Firewall Rules – Scoping and Direction Matter. I, like I’m sure many of you, were not traditionally firewall or security admins prior to adding VMware NSX to your vSphere environments.

VMware NSX Distributed Firewall Rules – Scoping and Direction Matter

As such, there’s been a bit of a learning curve for me regarding what I knew [or thought I knew] regarding physical firewalls and how that translates [or doesn’t] to the NSX Distributed Firewall (DFW). As I’ve been rolling out NSX DFW rules to various types of systems with different accessibility requirements, I ran across some unexpected behavior when scoping the rules. Let’s look at an example 2 tier application consisting of a “web server” and an “app server”. If this were a traditional physical firewall setup, the web server would probably be in the DMZ, or at least a different subnet from the app server, the traffic would route through the firewall and rules would be applied to allow or restrict traffic. However – everything is not as it seems… At this point, I have created DFW rules functionally identical to the first diagram in this post. Source Link. Direction option when creating firewall rule. What don't you understand?

Direction option when creating firewall rule

That blog post was mine, btw. As an example scenario: 1) a DFW rule is created for "web servers" that says source "any" to destination "web server" over 80/443 is allowed and the direction is set to in/out 2) you have an app server where the only traffic allowed outbound is source "app server" to destination "database server" over 1433 and the direction is set to in/out 3) all other traffic not explicitly allowed is blocked by the default rule In this scenario, even though the firewall rules applying to the application server only allow communication over 1433 to the database server, the "any" 80/443 rule applied to the web servers counts as a policy match for the app server, as it is indeed part of "any" possible source. Let's modify the above scenario: Http - If you block all incoming connections, how can you still use the internet? - Super User.

Source Link. If You Block all Incoming Connections, How can You Still Use the Internet? If all incoming connections to your computer are being blocked, then how can you still receive data and/or have an active connection?

If You Block all Incoming Connections, How can You Still Use the Internet?

Today’s SuperUser Q&A post has the answer to a confused reader’s question. Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites. Screenshot courtesy of Linux Screenshots (Flickr). The Question SuperUser reader Kunal Chopra wants to know how his computer can still receive data if all incoming connections have been blocked: If your ISP or firewall is blocking all incoming connections, how can web servers still send data to your browser?

Dd-wrt firewall. Gist.githubusercontent. Hyperlink. Iptables command.