Basic Security
Basic Security Consideration
By default, the R910 accepts telnet connections to it's WAN interface. This would let some enterprising door-knocker on the wrong side of the system potentially get access to your firewall.I added a rule to the filter set active on my WAN interface to prevent this:Change Output Filter 2 Enabled: Yes
Forward: No
Source IP Address: your.internet.ip.address
Source IP Address Mask: 255.255.255.255 Dest. IP Address: 0.0.0.0
Dest. IP Address Mask: 0.0.0.0 Protocol Type: TCP
Source Port Compare… Equal
Source Port ID: 23
Dest. Port Compare… No Compare
Dest. Port ID: 0
Established TCP Conns. Only: No
no comments |
post comment
Virtual Dave Megaplex:
Home Page- This wiki's start page
- Send Feedback To Dave
Logged in Users: (0)
Recently Changed
Check Internet Service Database Match- Device-Local Certificate Expired
- CLI Policy Lookup
- DH Selection For IPsec VPNs
- Scan For Newly Added Disk
- nmap
- Seconds Since Epoch to Local Time
- Link Monitor
- DH group to OAKLEY_GROUP table
- Fire Eater
- start
- FortiClient Error Codes
- dhparams Generation
- SSL Certificate Bundles
- ufw
- Grow A LVM Partition
- Creating Users
- whoami
- list databases
- 2023
- 2022
- 2019
- 2018
- 2017
- 2011
- 2010
- 2008
- 2001
- 2000
- 1999
Editing: snipsnap-help, Image Macro(Et auditum est, et idcirco ego nunc simulare)
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.