Walls of Fire and Network Traffic

What Does "Data" Look Like?

Data is sent across networks in a series of packets.

What Does "Data" Look Like (really)?

Data is sent across networks in a series of packets.

What Does "Data" Look Like (reeeaaaally)?

Data is sent across networks in a series of packets.

Still not sure.....

Let's Look!

Download Me!!!!
https://www.wireshark.org/

What is a Firewall?

A firewall can be either a physical device or a piece of software that lets us set rules on what types of network traffic are allowed into our networks or allowed to communicate with hosts (computers/servers) on our network.

Three Main Types of Firewalls

Network Based Firewalls

A network based firewall is usually a physical device placed at strategic locations on the network to allow/deny traffic entering segments of the network.

Host Based Firewalls
A host based firewall is usually a virtualized piece of software on a computer/server that will allow/deny network traffic to communicate with services on that machine.

Application Based Firewalls
An application based firewall is a virtualized piece of software that analyzes the contents of a data packet to allow/deny that data to reach the application.

Firewall Rules

Ingress Traffic

Ingress or inbound traffic consists of data packets that originated from another location and are targeting a machine on your network.

Egress Traffic

Egress or outbound traffic consists of data packets that originate from a machine on your network and have another destination.

How To: Firewall Rules

Network and host based firewall rules generally filter traffic on a few criteria:

  • Source IP Address
  • Source IP Subnet
  • Destination IP Address
  • Destination IP Subnet
  • Destination Port
  • Protocol
  • Application

In Windows, you can filter by network "type" as well.

How To: Linux Firewall Rules

iptables (kinda)

ufw

$ sudo ufw enable
$ sudo ufw status

Block a single IP:

$ sudo ufw deny from 15.15.15.51 # Block on ALL interfaces
$ sudo ufw deny in on eth0 from 15.15.15.51 # Block only on a single interface

Allow traffic to a certain port:

# Allow all traffic to a single port from a network
$ sudo ufw allow from 15.15.15.0/24 to any port 22

Block outgoing mail:

$ sudo ufw deny out 25,587/tcp # ufw requires tcp or udp when listing multiple ports

Allow traffic to a certain port:

# Allow only tcp traffic to a single port from a network range
$ sudo ufw allow proto tcp from 15.15.15.0/24 to any port 22 

Default Policies:

$ sudo ufw default allow outgoing
$ sudo ufw default deny incoming

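NOTE: A default deny on incoming traffic could lock YOU out too if you manage the machine remotely, so add an allow rule for your own access (e.g. SSH on port 22) first.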
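
How the rules above decide a packet's fate, as an added example (not from the original slides): a simplified Python model of first-match filtering on direction, source, destination port and protocol, followed by the default policy. The names Rule, decide and pkt are hypothetical, the addresses 203.0.113.7 and 10.0.0.5 are constructed sample values, and treating the mail block as TCP-only is an assumption.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str               # "allow" or "deny"
    direction: str            # "in" (ingress) or "out" (egress)
    src: str = "0.0.0.0/0"    # source IP address or subnet
    ports: tuple = ()         # destination ports; empty means any port
    proto: str = "any"        # "tcp", "udp" or "any"

    def matches(self, p):
        return (self.direction == p["dir"]
                and ipaddress.ip_address(p["src"]) in ipaddress.ip_network(self.src)
                and (not self.ports or p["dport"] in self.ports)
                and self.proto in ("any", p["proto"]))

def decide(rules, defaults, p):
    """First matching rule wins; otherwise the default policy applies."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return defaults[p["dir"]]

def pkt(direction, src, dport, proto="tcp"):
    return {"dir": direction, "src": src, "dport": dport, "proto": proto}

# The ufw rules from this page, in the order they were added (model only).
RULES = [
    Rule("deny", "in", src="15.15.15.51"),                               # block one IP
    Rule("allow", "in", src="15.15.15.0/24", ports=(22,), proto="tcp"),  # SSH from a range
    Rule("deny", "out", ports=(25, 587), proto="tcp"),                   # outgoing mail
]
DEFAULTS = {"in": "deny", "out": "allow"}  # default deny incoming, allow outgoing

if __name__ == "__main__":
    samples = [
        pkt("in", "15.15.15.20", 22),          # inside the allowed range
        pkt("in", "15.15.15.51", 22),          # blocked IP, deny rule comes first
        pkt("in", "203.0.113.7", 22),          # outside the range: the lockout case
        pkt("in", "15.15.15.20", 22, "udp"),   # wrong protocol, falls to default
        pkt("out", "10.0.0.5", 25),            # outgoing mail
        pkt("out", "10.0.0.5", 443),           # other outgoing traffic
    ]
    for p in samples:
        print(p, "->", decide(RULES, DEFAULTS, p))
```

Swapping the first two rules makes 15.15.15.51 match the allow rule first, which is why rule order matters as much as rule content.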

How To: Windows Firewall

Select Program or Ports and finish steps

practice!
