Introduction to IP Filter

by Jeremy Rauch
Sept. 19, 2017 1 comment Symantec Apps & Hardening

Any outbound TCP connections are allowed. Hosts in the 10.20.30.0/24 range will be allowed to connect via SSH. Any host may connect to the webserver. Finally, stateful connections will be allowed to the two nameservers, 10.20.30.13 and 10.20.30.14 on port 53. By following a policy of only allowing specific connections, and denying everything else, we can help protect ourselves against a variety of errors, as well as users attempting to run daemons. For example, applying patches can often result in services being re-enabled. This way, even if a service is unintentionally re-enabled, they cannot be contacted

https://www.symantec.com/connect/articles/introduction-ip-filter

Avatar
2flash 7 months, 1 week ago

A very good 101 on IP filters! Well documented too!

Reply