Firewall Wizards mailing list archives
Re: How to keep firewall rules clean and up-to-date
From: Tracy Reed <treed () ultraviolet org>
Date: Wed, 27 Apr 2011 15:45:20 -0700
On Tue, Apr 26, 2011 at 01:12:06PM +0200, Ilias - spake thusly:
> What do you do to keep your firewall rules clean and up-to-date?
Periodic firewall config audits. Review each rule, make sure it still has a purpose. Ideally you would search the rules whenever a box is retired but that has been difficult to enforce in my environments. Best is to have reviews regularly enough that when you see a rule for a box that has recently been retired you recognize it.

I extensively comment my firewall rules also and explain why each rule is there and what it is intended to do. That makes recognizing unneeded rules much easier.

Accounting on your firewall rules is nice also. If you see a rule that hasn't been hit in a while or only hit with a few packets such as might result from a SYN scan from the net you can investigate if it is needed anymore and remove it.

If a server changes IP addresses we have always found it easier with our system to edit the existing rule rather than add a new one so we tend not to get duplicate rules because a system changed IP addresses.

--
Tracy Reed
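A small check for the accounting and commenting practice described above, added here as an example and not part of Tracy Reed's post: it parses rules in the `iptables-save -c` counter format (the sample rules and addresses are constructed) and flags rules that have never matched, rules hit by only a handful of packets, and rules with no explanatory comment, so a reviewer can start from that list.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of `iptables-save -c` output; not real rules.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
[482193:61234567] -A INPUT -s 10.0.1.5/32 -p tcp --dport 22 -m comment --comment "ssh from admin jumpbox" -j ACCEPT
[0:0] -A INPUT -s 10.0.2.40/32 -p tcp --dport 3306 -m comment --comment "mysql from old-reporting host" -j ACCEPT
[3:180] -A INPUT -s 192.0.2.77/32 -p tcp --dport 8443 -j ACCEPT
[120004:9000000] -A INPUT -p tcp --dport 443 -m comment --comment "public https" -j ACCEPT
COMMIT
"""

# "[pkts:bytes] -A CHAIN rest-of-rule"
RULE_RE = re.compile(r'^\[(\d+):(\d+)\]\s+-A\s+(\S+)\s+(.*)$')
COMMENT_RE = re.compile(r'--comment\s+"([^"]*)"')


@dataclass
class Rule:
    chain: str
    spec: str
    packets: int
    bytes: int
    comment: Optional[str]


def parse_rules(text: str) -> list:
    """Keep only counter-prefixed -A lines; skip table headers, policies, COMMIT."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        pkts, byts, chain, spec = m.groups()
        c = COMMENT_RE.search(spec)
        rules.append(Rule(chain, spec, int(pkts), int(byts), c.group(1) if c else None))
    return rules


def review_candidates(rules: list, low_hit_threshold: int = 10) -> list:
    """Return (rule, reason) pairs a human should look at during the periodic audit."""
    findings = []
    for r in rules:
        if r.packets == 0:
            findings.append((r, "never matched since counters were reset"))
        elif r.packets < low_hit_threshold:
            findings.append((r, f"only {r.packets} packets; possibly just scan noise"))
        if r.comment is None:
            findings.append((r, "no comment explaining purpose"))
    return findings


if __name__ == "__main__":
    for rule, why in review_candidates(parse_rules(SAMPLE_RULES)):
        print(f"{rule.chain}: {rule.spec}\n    -> {why}")
```

Run it against real output with `iptables-save -c` piped to stdin in place of the constructed sample; counters only mean something relative to when they were last reset.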
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards