Global Rules

j0sefuz · May 4, 2010, 9:49pm

is this OK? what do I have to Add/Remove to have the best security?
by the way i DISABLED SANDBOX feature…

brucine · May 5, 2010, 12:06pm

Default global rules (cisv3 proactive mode) are set as follows excepting the first two lines relevant to my local network, and the last one forbidding ping.

http://brucine.hostoi.com/online/globalrules.jpg

You should remember that:

-rules are read from top to bottom: your second rules forbids the third and fourth ones; if you really want to write such a rule, it should be after the 2 ICM in rules.
-there’s no point in globally denying icmp, icmp is a needed protocol.