Full Disclosure mailing list archives
Re: RE: Example firewall script
From: fd () ew nsci us
Date: Tue, 30 Aug 2005 17:15:49 -0700 (PDT)
On Tue, 30 Aug 2005, Rachael Treu Gomes wrote:
There are also issues of what KIND of ACL to use and where to place them; Inbound or Outbound. In terms of the original question, the only difference between a "good" line item or a "bad" line item is whether or not the syntax is correct.

Nicely put.

The only difference between a "good" ACL and a "bad" ACL is whether or not its structure is properly designed and whether or not it's placed in the proper location.

Again, nicely put. I might also suggest adding the idea that ACL logic and format follow with the same requirements for placement, and that overarching rules/guidelines regarding their structure and flow be evaluated on a case-by-case basis. It is incomplete and rife with exception, unfortunately, to decree that all ACLs and firewall feature sets be constructed in a particular manner without taking into account the particulars surrounding their respective deployments.
Can anyone suggest a book which discusses ACL theories in different points of view and practical (?existing) applications? I would love to see documentation which addresses security and manageability as it relates to things like minimal ACL-line duplication and ingress+egress filtering techniques. Even in Cisco and 5xx-level networking courses, these issues are barely touched on. For traffic policies, much has been learned from this list and from practical experience.

-Eric

--
Eric Wheeler
Vice President
National Security Concepts, Inc.
PO Box 3567
Tualatin, OR 97062
http://www.nsci.us/
Voice: (503) 293-7656
Fax: (503) 885-0770
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/