Packet Filter Rule - Exercise

Configure Network Firewall

Objective: Configure a firewall using packet filter rules.

Exercise scoring

This exercise is worth 15 points and is tutor-graded.

Instructions

In this exercise, you will configure a firewall using packet filter rules. For clarity, we are including "Protocol" and "Path" sections in the packet filter rules. Bear in mind that a true packet filter is more complex than we are showing here.
Using the following information, write a packet filter to achieve the stated goals. You may either create a table in MS Word or use the table provided in the exercise downloads on the Resources page.
  1. Your network address is 192.168.0.0/24 (CIDR notation[1])
  2. Your internal SMTP server address is 192.168.0.10
  3. Your internal Web server address is 192.168.0.20
  4. HTTP traffic normally operates on port 80
  5. SSL traffic normally operates on port 443
  6. FTP request traffic normally operates on port 21
  7. FTP reply traffic normally operates on port 20 and ports >1023
  8. SMTP traffic normally operates on port 25

Goals

Create packet filter rules to:
  1. Allow HTTP from your internal network to the outside world (allow your users to browse the Web).
  2. Allow SSL from your internal network to the outside world (allow your users to make purchases online).
  3. Allow FTP from your internal network to the outside world (allow your users to download information from the Web).
  4. Allow SMTP traffic into your mail server only (allow other mail servers to transfer mail to your company).
  5. Allow the outside world to access your internal Web server (allow the public to view your Web site).
  6. Deny all other incoming IP traffic.

Note: For each goal, choose an action, either Allow or Block, for the IP address, port numbers and protocols indicated. The Path is the direction of data flow, either In to or Out of the network.
Below is an example of the format for your table. You are welcome to create your own table or to use the table provided in the exercise downloads on the Resources page.
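| Rule # | Action | Source Address | Destination Address | Port | Protocol | Path (In/Out) |
|--------|--------|----------------|---------------------|------|----------|---------------|
| 1      |        |                |                     |      |          |               |
| 2      |        |                |                     |      |          |               |
| 3      |        |                |                     |      |          |               |
| 4      |        |                |                     |      |          |               |
| 5      |        |                |                     |      |          |               |
| 6      |        |                |                     |      |          |               |
| 7      |        |                |                     |      |          |               |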
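
How a table in this format is evaluated against traffic, as an added example that is not part of the original exercise and is not its answer. The rules are constructed (anti-spoofing and outbound DNS, which are not among the goals), and the code assumes first-match-wins ordering, that Port means destination port, and a default Block when nothing matches; the names `Rule`, `evaluate` and `RULES` are hypothetical.

```python
import ipaddress
from typing import NamedTuple


class Rule(NamedTuple):
    """One row of the packet filter table (same columns as the exercise)."""
    action: str    # "Allow" or "Block"
    src: str       # CIDR block or "any"
    dst: str       # CIDR block or "any"
    port: str      # destination port, "lo-hi" range, or "any" (assumption)
    protocol: str  # "TCP", "UDP" or "any"
    path: str      # "In", "Out" or "any"


def _addr_ok(spec, addr):
    # An address matches when the rule says "any" or the address is inside the CIDR block.
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)


def _port_ok(spec, port):
    # Accepts a single port ("53") or an inclusive range ("1024-65535").
    if spec == "any":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)


def evaluate(rules, src, dst, port, protocol, path):
    """Return (rule number, action) of the first matching rule.

    Assumption: first match wins and unmatched traffic is blocked (rule number 0).
    """
    for number, r in enumerate(rules, start=1):
        if (_addr_ok(r.src, src) and _addr_ok(r.dst, dst)
                and _port_ok(r.port, port)
                and r.protocol in ("any", protocol)
                and r.path in ("any", path)):
            return number, r.action
    return 0, "Block"


INTERNAL = "192.168.0.0/24"  # network address from the exercise

# Constructed rule set for illustration only.
RULES = [
    # 1. Inbound packet claiming an internal source address: spoofed, drop it first.
    Rule("Block", INTERNAL, "any", "any", "any", "In"),
    # 2. Internal hosts may send DNS queries out.
    Rule("Allow", INTERNAL, "any", "53", "UDP", "Out"),
    # 3. Everything else coming in to the internal network is denied.
    Rule("Block", "any", INTERNAL, "any", "any", "In"),
]
```

Because evaluation stops at the first match, swapping a broad Block above a narrower Allow silently disables the Allow, so rule order is part of the answer.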

Submitting your Exercise

When you have completed this exercise, paste your answers in the text box below and click Submit.

[1] CIDR (Classless Inter-Domain Routing): Allocates blocks of Internet addresses assigned to an Internet Service Provider (ISP) by InterNIC.