[SATLUG] Firewall initiated
Bruce Dubbs
bruce.dubbs at gmail.com
Tue Mar 20 18:57:19 CDT 2007
OK, I did the following:
DROP all -- 206.161.0.0/16 0.0.0.0/0
DROP all -- 0.0.0.0/7 0.0.0.0/0
DROP all -- 5.0.0.0/8 0.0.0.0/0
DROP all -- 7.0.0.0/8 0.0.0.0/0
DROP all -- 10.0.0.0/8 0.0.0.0/0
DROP all -- 23.0.0.0/8 0.0.0.0/0
DROP all -- 25.0.0.0/8 0.0.0.0/0
DROP all -- 27.0.0.0/8 0.0.0.0/0
DROP all -- 31.0.0.0/8 0.0.0.0/0
DROP all -- 36.0.0.0/7 0.0.0.0/0
DROP all -- 42.0.0.0/7 0.0.0.0/0
DROP all -- 58.0.0.0/7 0.0.0.0/0
DROP all -- 60.0.0.0/7 0.0.0.0/0
DROP all -- 62.0.0.0/8 0.0.0.0/0
DROP all -- 77.0.0.0/8 0.0.0.0/0
DROP all -- 78.0.0.0/7 0.0.0.0/0
DROP all -- 80.0.0.0/4 0.0.0.0/0
DROP all -- 100.0.0.0/6 0.0.0.0/0
DROP all -- 96.0.0.0/4 0.0.0.0/0
DROP all -- 120.0.0.0/5 0.0.0.0/0
DROP all -- 173.0.0.0/8 0.0.0.0/0
DROP all -- 172.0.0.0/6 0.0.0.0/0
DROP all -- 176.0.0.0/6 0.0.0.0/0
DROP all -- 180.0.0.0/6 0.0.0.0/0
DROP all -- 187.0.0.0/8 0.0.0.0/0
DROP all -- 192.168.0.0/16 0.0.0.0/0
DROP all -- 172.16.0.0/16 0.0.0.0/0
DROP all -- 193.0.0.0/8 0.0.0.0/0
DROP all -- 194.0.0.0/7 0.0.0.0/0
DROP all -- 202.0.0.0/7 0.0.0.0/0
DROP all -- 210.0.0.0/7 0.0.0.0/0
DROP all -- 212.0.0.0/7 0.0.0.0/0
DROP all -- 217.0.0.0/8 0.0.0.0/0
DROP all -- 218.0.0.0/7 0.0.0.0/0
DROP all -- 220.0.0.0/6 0.0.0.0/0
DROP all -- 224.0.0.0/3 0.0.0.0/0
This is pretty draconian as *nothing* will be allowed from outside the
western hemisphere. Note that outgoing TCP connections are effectively
blocked too.
I could back off to only block ports 22 and 80, but I don't see the need
yet. If someone sees an issue, let me know.
-- Bruce
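
An added example, not part of the original post: a small Python audit of the source networks in the DROP list above, using the standard ipaddress module. It reports rules that a broader rule in the same list already covers and shows which rule a given source address hits. The sample addresses are constructed, and since the listing shows no interface column this checks address coverage only.

```python
import ipaddress

# Source networks copied from the DROP rules in the post, in listed order.
DROP_SOURCES = """
206.161.0.0/16 0.0.0.0/7 5.0.0.0/8 7.0.0.0/8 10.0.0.0/8 23.0.0.0/8
25.0.0.0/8 27.0.0.0/8 31.0.0.0/8 36.0.0.0/7 42.0.0.0/7 58.0.0.0/7
60.0.0.0/7 62.0.0.0/8 77.0.0.0/8 78.0.0.0/7 80.0.0.0/4 100.0.0.0/6
96.0.0.0/4 120.0.0.0/5 173.0.0.0/8 172.0.0.0/6 176.0.0.0/6 180.0.0.0/6
187.0.0.0/8 192.168.0.0/16 172.16.0.0/16 193.0.0.0/8 194.0.0.0/7
202.0.0.0/7 210.0.0.0/7 212.0.0.0/7 217.0.0.0/8 218.0.0.0/7
220.0.0.0/6 224.0.0.0/3
""".split()

# ip_network() is strict by default, so a prefix with host bits set
# (a typo in a rule) raises ValueError here instead of passing silently.
RULES = [ipaddress.ip_network(n) for n in DROP_SOURCES]


def subsumed(rules):
    """Return (rule, covering_rule) pairs for rules another rule already covers."""
    out = []
    for i, net in enumerate(rules):
        for j, other in enumerate(rules):
            if i != j and net.subnet_of(other):
                out.append((net, other))
                break
    return out


def matching_rule(src, rules=RULES):
    """Return the first rule whose source network contains src, else None."""
    addr = ipaddress.ip_address(src)
    return next((net for net in rules if addr in net), None)


if __name__ == "__main__":
    for net, cover in subsumed(RULES):
        print(f"{net} is already covered by {cover}")
    # Constructed sample sources: loopback, an RFC 1918 address outside
    # 172.16.0.0/16, and an address no rule in the list covers.
    for src in ("127.0.0.1", "172.20.1.1", "8.8.8.8"):
        rule = matching_rule(src)
        print(src, "->", rule if rule is not None else "no DROP rule matches")
```

The loopback result is worth checking against the real chain with `iptables -L -v`, which shows whether the rules are tied to an interface.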