Example TCP/UDP Ports

TCP Port    Service     UDP Port    Service
20/21       FTP         161         SNMP
23          Telnet      69          TFTP
25          SMTP
80          WWW
144         News

Firewall design rules

There are two basic rules to firewall design:

“What is not explicitly allowed is denied.”

and

“What is not explicitly denied is allowed.”

The first rule is far more secure and is the best approach to firewall design. It is far easier (and more secure) to allow only certain services in or out and deny everything else. If the other rule is used, you would have to identify everything you want to disallow, both now and in the future.

Firewall Logic

Firewall design is a test of logic, and filter rule ordering is critical. A packet is checked against the series of filter rules in order; the first rule it matches determines the action taken, and the packet is not checked against the remaining filter rules.

For example, if you had the following filter set...

Allow WWW access;

Allow FTP access;

Allow SMTP access;

Deny all other packets.
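To make the first-match behaviour concrete, the following is an added example (not code from the Netopia manual) that models the filter set above, shows what happens when "Deny all other packets" is mistakenly placed first, and reports any rule that an earlier, broader rule makes unreachable. Port numbers come from the port table; the packets and the Rule/Packet types are constructed for illustration.

```python
# Added example (not part of the Netopia manual): a minimal first-match packet
# filter that models the "Firewall Logic" section. Port numbers come from the
# manual's port table; the packets below are constructed sample traffic.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: Optional[str] = None  # "tcp", "udp", or None = any protocol
    port: Optional[int] = None   # destination port, or None = any port

@dataclass(frozen=True)
class Packet:
    proto: str
    dport: int

def matches(rule: Rule, pkt: Packet) -> bool:
    return rule.proto in (None, pkt.proto) and rule.port in (None, pkt.dport)

def evaluate(rules: list[Rule], pkt: Packet) -> str:
    """Walk the filter set in order; the first matching rule decides and the
    remaining rules are never consulted. With no match, apply the manual's
    preferred default: what is not explicitly allowed is denied."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return "deny"

def shadowed(rules: list[Rule]) -> list[int]:
    """Indexes of rules that can never fire because an earlier, broader rule
    already matches every packet they would match (an ordering mistake)."""
    covers = lambda a, b: a.proto in (None, b.proto) and a.port in (None, b.port)
    return [j for j, later in enumerate(rules)
            if any(covers(earlier, later) for earlier in rules[:j])]

# The manual's example filter set, in the order it is listed.
FILTER_SET = [
    Rule("allow", "tcp", 80),  # Allow WWW access
    Rule("allow", "tcp", 21),  # Allow FTP access (control connection)
    Rule("allow", "tcp", 25),  # Allow SMTP access
    Rule("deny"),              # Deny all other packets
]
# The same rules with "deny all" placed first: every allow rule is shadowed.
MISORDERED = [FILTER_SET[-1]] + FILTER_SET[:-1]

if __name__ == "__main__":
    for name, pkt in [("www", Packet("tcp", 80)), ("telnet", Packet("tcp", 23))]:
        print(name, evaluate(FILTER_SET, pkt), evaluate(MISORDERED, pkt))
    print("shadowed rules in MISORDERED:", shadowed(MISORDERED))
```

With the rules in the manual's order, WWW traffic is allowed and Telnet is denied; with deny-all moved to the top, every allow rule is reported as shadowed and all traffic is dropped.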

Netopia 2200 manual, page 148