Firewall Wizards mailing list archives

Re: How to keep firewall rules clean and up-to-date


From: Tracy Reed <treed () ultraviolet org>
Date: Wed, 27 Apr 2011 15:45:20 -0700

On Tue, Apr 26, 2011 at 01:12:06PM +0200, Ilias - spake thusly:
> What do you do to keep your firewall rules clean and up-to-date?

Periodic firewall config audits. Review each rule, make sure it still has a
purpose. Ideally you would search the rules whenever a box is retired but that
has been difficult to enforce in my environments. Best is to have reviews
regularly enough that when you see a rule for a box that has recently been
retired you recognize it. 

I extensively comment my firewall rules also and explain why each rule is there
and what it is intended to do. That makes recognizing unneeded rules much
easier.

Accounting on your firewall rules is nice also. If you see a rule that hasn't
been hit in a while or only hit with a few packets such as might result from a
SYN scan from the net you can investigate if it is needed anymore and remove it.

If a server changes IP addresses we have always found it easier with our system
to edit the existing rule rather than add a new one so we tend not to get
duplicate rules because a system changed IP addresses.

-- 
Tracy Reed

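The accounting and commenting practice described in the post above can be turned into a periodic audit script. The following is an added example and not code from the original message or its author: it parses the counter output of `iptables -nvL` (a constructed sample is embedded; the chain, addresses and comments are invented) and flags rules that have seen fewer packets than a threshold, as well as rules that carry no `/* comment */` explaining why they exist. Rule text, threshold and report format are the example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample of `iptables -nvL INPUT` output; not captured from any real host.
SAMPLE_COUNTERS = """\
Chain INPUT (policy DROP 12 packets, 720 bytes)
 pkts bytes target     prot opt in     out     source               destination
 8812  529K ACCEPT     tcp  --  *      *       10.0.0.0/8           192.0.2.10           tcp dpt:22 /* ssh from corp jump hosts */
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.0.2.20           tcp dpt:8080 /* legacy app on webapp-02 */
    3   180 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.0.2.30           tcp dpt:3306
 1234   90K ACCEPT     udp  --  *      *       192.0.2.0/24         192.0.2.5            udp dpt:53 /* internal resolver */
"""

# Without -x, iptables abbreviates large counters with K/M/G suffixes.
_SUFFIX = {"": 1, "K": 1_000, "M": 1_000_000, "G": 1_000_000_000}

# Columns of `iptables -nvL`: pkts bytes target prot opt in out source destination [match text]
_RULE_RE = re.compile(
    r"^\s*(?P<pkts>\d+[KMG]?)\s+(?P<bytes>\d+[KMG]?)\s+(?P<target>\S+)\s+(?P<prot>\S+)\s+"
    r"(?P<opt>\S+)\s+(?P<in>\S+)\s+(?P<out>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s*(?P<extra>.*)$"
)
_COMMENT_RE = re.compile(r"/\*\s*(.*?)\s*\*/")


def parse_counter(text: str) -> int:
    """Turn a counter such as '529K' into an integer (approximate when abbreviated)."""
    m = re.fullmatch(r"(\d+)([KMG]?)", text)
    if not m:
        raise ValueError(f"bad counter: {text!r}")
    return int(m.group(1)) * _SUFFIX[m.group(2)]


@dataclass
class Rule:
    chain: str
    index: int          # 1-based position within the chain, as `iptables -L --line-numbers` reports it
    pkts: int
    target: str
    prot: str
    src: str
    dst: str
    extra: str          # match text with the comment stripped, e.g. "tcp dpt:22"
    comment: Optional[str]


def parse_rules(output: str) -> List[Rule]:
    """Parse every rule line under every chain header in `iptables -nvL` output."""
    rules: List[Rule] = []
    chain: Optional[str] = None
    index = 0
    for line in output.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
            index = 0
            continue
        stripped = line.strip()
        if not stripped or stripped.startswith("pkts"):
            continue  # blank line or column header
        m = _RULE_RE.match(line)
        if not m or chain is None:
            continue  # not a rule line we understand
        index += 1
        extra = m.group("extra").strip()
        c = _COMMENT_RE.search(extra)
        rules.append(Rule(
            chain=chain, index=index, pkts=parse_counter(m.group("pkts")),
            target=m.group("target"), prot=m.group("prot"),
            src=m.group("src"), dst=m.group("dst"),
            extra=_COMMENT_RE.sub("", extra).strip(),
            comment=c.group(1) if c else None,
        ))
    return rules


def audit(output: str, min_packets: int = 10) -> List[Tuple[str, str]]:
    """Return (rule description, finding) pairs for rules worth a human look."""
    findings: List[Tuple[str, str]] = []
    for r in parse_rules(output):
        where = f"{r.chain}#{r.index} {r.target} {r.prot} {r.src}->{r.dst} {r.extra}".strip()
        if r.pkts < min_packets:
            findings.append((where, f"only {r.pkts} packets since counters were last reset; still needed?"))
        if r.comment is None:
            findings.append((where, "no comment explaining why this rule exists"))
    return findings


if __name__ == "__main__":
    for where, why in audit(SAMPLE_COUNTERS):
        print(f"{where}: {why}")
```

Two caveats when reading the report: packet counters start from zero whenever the rule set is reloaded or the host reboots, so compare against the time the counters have been accumulating rather than treating a low number as proof a rule is dead, and a handful of hits may be exactly the scan noise the post mentions rather than legitimate use. Running `iptables -nvxL` gives exact counters instead of the K/M/G abbreviations the parser tolerates here.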

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
