The Default Filters (Not Exceptions) - Nov. 11, 2004

My book covers the default filters and many exceptions extremely well, but a lot of people have not seen the book. Over and over in the Novell public forums, I see posts that make me wonder if there is any filtering active at all. If you find that users can access the Internet without going through the proxies, or without your having set up special filter exceptions for that traffic, check the following:

I have posted a FILTCFG screenshot below which shows what the default filters SHOULD look like if you have run BRDCFG.NLM correctly. If your default filters do not look like this, in particular if you have more than two entries, you have a problem that should be looked into. Some people have run BRDCFG twice, once on the public interface and once on the private interface, and ended up with filters blocking traffic to the private interface.

The default filters block all traffic TO the public interface, and all traffic FROM the public interface. Exceptions need to be created for even the proxies to send or receive data on the public interface, and BRDCFG also creates default exceptions which the proxies need.

FILTCFG.NLM, Configure TCPIP Filters, Packet Forwarding Filters, Filters

I should note that I named my interfaces as PUBLIC and PRIVATE in INETCFG so that the screen shots in my book would be easy to understand.

If you have something different from the above, you may want to go so far as to wipe out the filters completely and start over. I have the instructions for doing that HERE.

[FILTCFG screenshot: Packet Forwarding Filters list showing the two default entries]

Also, note that your filter action should be Deny Packets in Filter List, not the opposite!
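To make the three points above concrete (two deny-all entries for the public interface, exceptions for the proxies, and the filter action set to deny rather than permit), here is a small Python model of how such a filter list is evaluated. It is an added example, not BorderManager's code or anything from the book: the Rule fields, the "LOCAL" interface label, the "BM_PUBLIC" address label and the host addresses are assumptions made for illustration, and the HTTP proxy exception is only shaped like the one BRDCFG creates.

```python
"""Toy model of BorderManager-style packet-forwarding filters.

Added example, not BorderManager's code. Field names, interface labels
("LOCAL"), the address label "BM_PUBLIC" and all addresses are assumptions.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """One filter or exception entry; "ANY" / None fields are wildcards."""
    src_if: str = "ANY"          # interface the packet arrives on
    dst_if: str = "ANY"          # interface the packet leaves through
    src_host: str = "ANY"        # source address label (assumed field)
    proto: str = "ANY"
    dst_port: Optional[int] = None

    def matches(self, pkt: dict) -> bool:
        return (self.src_if in ("ANY", pkt["src_if"])
                and self.dst_if in ("ANY", pkt["dst_if"])
                and self.src_host in ("ANY", pkt["src_host"])
                and self.proto in ("ANY", pkt["proto"])
                and self.dst_port in (None, pkt["dst_port"]))


def default_filters(public: str = "PUBLIC") -> list:
    """The two entries one correct BRDCFG run leaves: deny everything TO the
    public interface and everything FROM it."""
    return [Rule(dst_if=public), Rule(src_if=public)]


def forwarded(pkt: dict, filters: list, exceptions: list,
              action: str = "DENY_LISTED") -> bool:
    """Decide whether a packet passes.

    DENY_LISTED   models "Deny Packets in Filter List": an exception wins,
                  otherwise a matching filter blocks, anything unmatched passes.
    PERMIT_LISTED models the inverted action the post warns against: only
                  listed packets pass, and exceptions become blocks.
    """
    hit_exception = any(r.matches(pkt) for r in exceptions)
    hit_filter = any(r.matches(pkt) for r in filters)
    if action == "DENY_LISTED":
        return hit_exception or not hit_filter
    if action == "PERMIT_LISTED":
        return hit_filter and not hit_exception
    raise ValueError(f"unknown filter action {action!r}")


def check_defaults(filters: list, public: str = "PUBLIC",
                   private: str = "PRIVATE") -> list:
    """Checks from the post: exactly two default entries, both aimed at the
    public interface, none at the private one (the 'BRDCFG run twice' symptom)."""
    problems = []
    if len(filters) != 2:
        problems.append(f"expected 2 default filters, found {len(filters)}")
    if any(private in (r.src_if, r.dst_if) for r in filters):
        problems.append(f"a default filter references {private}; "
                        "it will block traffic to or from the private LAN")
    if not set(default_filters(public)) <= set(filters):
        problems.append("deny-all TO/FROM PUBLIC entries are missing")
    return problems


# Constructed sample data. One exception shaped like the HTTP proxy exception
# BRDCFG creates (TCP port 80 out the public interface), limited here to the
# server's own public address so that clients cannot bypass the proxy.
PROXY_HTTP_OUT = Rule(dst_if="PUBLIC", src_host="BM_PUBLIC", proto="TCP", dst_port=80)

PROXY_PKT = {"src_if": "LOCAL", "dst_if": "PUBLIC", "src_host": "BM_PUBLIC",
             "proto": "TCP", "dst_port": 80}            # proxy fetching a page
DIRECT_PKT = {"src_if": "PRIVATE", "dst_if": "PUBLIC", "src_host": "10.0.0.5",
              "proto": "TCP", "dst_port": 80}           # client bypassing the proxy
INTERNAL_PKT = {"src_if": "LOCAL", "dst_if": "PRIVATE", "src_host": "BM_PRIVATE",
                "proto": "TCP", "dst_port": 524}        # server talking to the LAN


def demo() -> dict:
    """Run the scenarios from the post and return the forwarding decisions."""
    good = default_filters()
    doubled = good + default_filters("PRIVATE")   # BRDCFG run on both interfaces
    exc = [PROXY_HTTP_OUT]
    return {
        "proxy_ok": forwarded(PROXY_PKT, good, exc),              # True
        "direct_blocked": forwarded(DIRECT_PKT, good, exc),       # False
        "internal_ok": forwarded(INTERNAL_PKT, good, exc),        # True
        "internal_doubled": forwarded(INTERNAL_PKT, doubled, exc),  # False
        "problems_doubled": check_defaults(doubled),
        # the inverted filter action lets the bypass through and breaks the proxy
        "inverted_direct": forwarded(DIRECT_PKT, good, exc, "PERMIT_LISTED"),  # True
        "inverted_proxy": forwarded(PROXY_PKT, good, exc, "PERMIT_LISTED"),    # False
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The doubled filter set is flagged by check_defaults for having four entries and for naming the private interface, and the PERMIT_LISTED run shows why the filter action matters: with the same two lists, an inverted action passes the very traffic the defaults exist to stop and blocks the proxy instead.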

Filtering is critically important in a firewall. If you have any problem understanding the filtering, you may very well want to get a copy of my book on BorderManager packet filtering. You may also want to hire me to look at your BorderManager system, which I can quickly and easily do over the Internet. This is especially true if you have been running for a while with no filtering, and suddenly start blocking many services when you enable filters.
