Firewall Baseline Rule Set
The Baseline Firewall Rule Set is a basic firewall rule set that can be a starting point for many customers. The baseline rules and one or two of the common options will cover most customers.
- Block outbound "bad" ports - "bad" ports are the ports primarily used for worm/virus propagation and other abuse. UW Technology defines "bad" ports as TCP and UDP ports 135, 136, 137, 138, 139, and 445 (Microsoft RPC, NetBIOS, and SMB).
- Allow all other outbound traffic
- Allow all traffic to and from UW Technology management networks
- Allow DHCP from UW Technology campus servers
- Block all other inbound traffic that isn't part of an established, stateful connection.
Common options (added to the baseline on request):
- Allow outbound "bad" ports - removes the outbound block above, for customers whose hosts must reach those ports.
- "Open" addresses - Traffic to and from the "Open" hosts will not have any rules applied to it. These hosts require active host/server administration and possibly their own customer-provided and administered firewall. This is somewhat similar to a "DMZ" host, except that there is no protection between the "Open" hosts and the rest of the protected subnet.
- Nebula machines - Nebula machines will require additional ports to be open through the firewall.
- UW Windows Infrastructure - Customers using UWWI will need additional UW-IT servers to be open through the firewall (see the UWWI page).
- "Trusted" subnets - "Trusted" subnets will allow traffic to and from these subnets without applying any rules.
- Allow subnet services - Specific services can be allowed through the firewall; however, they will be allowed to all devices on the subnet. Here are some examples:
- ssh (22)
- smtp (25)
- ipsec (IP protocols 50 ESP and 51 AH, plus UDP 500 for IKE; 50 and 51 are protocol numbers, not ports)
- dns (53)
- http (80)
- https (443)
- kerberos (88)
- ntp (123)
- imap (143)
- imaps (993)
- ldap/ldaps (389, 636)
- dhcpv6 (546, 547)
- rtsp (554)
- nntps (563)
- l2tp (1701)
- pptp (1723)
- rdp (3389)
- Firewall logs - Raw firewall logs can be sent via syslog provided the customer has a syslog server set up and wants the data.
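To make the rule ordering concrete, the following is an added example, not code from the UW-IT page: a small Python model of the baseline rule set with the common options layered on, which you can run against sample packets to see which rule decides each one. The addresses (RFC 5737 documentation ranges), the chosen "Open" host, "Trusted" subnet, service list and the evaluation order (bypass options first, then the direction-specific rules) are assumptions made for illustration; in particular the model treats "DHCP from campus servers" as UDP traffic from a listed server to client port 68, and IPsec ESP/AH as whole protocols rather than ports.

```python
"""Model of the baseline firewall rule set plus common options.

Added illustration, not UW-IT's firewall configuration. All addresses,
the open/trusted examples and the service list are assumptions.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

# "Bad" ports as defined on the page: blocked outbound for both TCP and UDP.
BAD_PORTS = {135, 136, 137, 138, 139, 445}


def in_any(addr: str, nets: list) -> bool:
    """True if addr falls inside any of the given networks or host addresses."""
    a = ip_address(addr)
    return any(a in ip_network(n, strict=False) for n in nets)


@dataclass(frozen=True)
class Packet:
    direction: str              # "in" = toward the protected subnet, "out" = leaving it
    proto: str                  # "tcp", "udp", "esp", "ah", ...
    src: str
    dst: str
    dport: Optional[int] = None
    established: bool = False   # already part of a connection the stateful firewall has seen


@dataclass
class Policy:
    mgmt_nets: list                                   # UW Technology management networks
    dhcp_servers: list                                # campus DHCP servers
    open_hosts: list = field(default_factory=list)    # "Open" addresses: no rules applied
    trusted_nets: list = field(default_factory=list)  # "Trusted" subnets: no rules applied
    # (proto, port) pairs allowed inbound to every device on the subnet; port None = whole protocol
    services: set = field(default_factory=set)
    allow_bad_outbound: bool = False                  # the "Allow outbound bad ports" option

    def decide(self, p: Packet) -> tuple:
        """Return (verdict, reason) for one packet; first matching rule wins."""
        local, remote = (p.dst, p.src) if p.direction == "in" else (p.src, p.dst)
        # Options that bypass the rule set entirely are evaluated first (assumed order).
        if in_any(local, self.open_hosts):
            return "allow", "open host: no rules applied, host must protect itself"
        if in_any(remote, self.trusted_nets):
            return "allow", "trusted subnet"
        if in_any(remote, self.mgmt_nets):
            return "allow", "management network"
        if p.direction == "out":
            if p.proto in ("tcp", "udp") and p.dport in BAD_PORTS and not self.allow_bad_outbound:
                return "block", f"outbound bad port {p.proto}/{p.dport}"
            return "allow", "all other outbound traffic"
        # Inbound from here on.
        if p.established:
            return "allow", "part of an established connection"
        if p.proto == "udp" and p.dport == 68 and in_any(remote, self.dhcp_servers):
            return "allow", "DHCP from campus server (assumed: server -> client port 68)"
        if (p.proto, p.dport) in self.services or (p.proto, None) in self.services:
            return "allow", f"subnet service {p.proto}/{p.dport} (open to the whole subnet)"
        return "block", "default inbound deny"


# Constructed example deployment; addresses are documentation ranges, not UW networks.
POLICY = Policy(
    mgmt_nets=["10.0.0.0/24"],
    dhcp_servers=["10.0.1.10", "10.0.1.11"],
    open_hosts=["192.0.2.50"],
    trusted_nets=["198.51.100.0/24"],
    services={("tcp", 22), ("tcp", 443), ("udp", 500), ("esp", None), ("ah", None)},
)

# Constructed sample packets; 192.0.2.0/24 plays the protected customer subnet.
SAMPLES = {
    "smb_out": Packet("out", "tcp", "192.0.2.10", "203.0.113.5", 445),
    "https_out": Packet("out", "tcp", "192.0.2.10", "203.0.113.5", 443),
    "rdp_in_new": Packet("in", "tcp", "203.0.113.5", "192.0.2.10", 3389),
    "reply_in": Packet("in", "tcp", "203.0.113.5", "192.0.2.10", 51234, established=True),
    "ssh_in": Packet("in", "tcp", "203.0.113.5", "192.0.2.10", 22),
    "esp_in": Packet("in", "esp", "203.0.113.5", "192.0.2.10"),
    "dhcp_in": Packet("in", "udp", "10.0.1.10", "192.0.2.10", 68),
    "rogue_dhcp": Packet("in", "udp", "203.0.113.9", "192.0.2.10", 68),
    "open_host_in": Packet("in", "tcp", "203.0.113.5", "192.0.2.50", 445),
    "trusted_in": Packet("in", "tcp", "198.51.100.7", "192.0.2.10", 445),
    "mgmt_in": Packet("in", "tcp", "10.0.0.5", "192.0.2.10", 22),
}


def evaluate(policy: Policy = POLICY, samples: dict = SAMPLES) -> dict:
    """Map each sample name to its verdict ("allow" or "block")."""
    return {name: policy.decide(p)[0] for name, p in samples.items()}


if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        verdict, reason = POLICY.decide(pkt)
        print(f"{name:13s} {verdict:5s} {reason}")
```

Two things the run makes visible that the list alone does not: a new inbound RDP connection is blocked even though RDP appears in the service list, because a service only opens when the customer requests it, and once requested it is reachable on every device in the subnet; and an "Open" host receives the SMB traffic that every other host is protected from, which is why such hosts need their own administration.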