
Firewall "any any" rules - Should I remove all these rules?


I inherited a server from another dev that left. And the hosting is telling me to remove all these firewall rules, because these can cause security problems. Not sure if I'm understanding this correctly, but wouldn't removing all these rules also block users trying to access the websites on the server and even email access?

access-list 101 extended permit icmp any any object-group ICMP-ALLOWED
access-list 101 extended permit tcp any any eq https
access-list 101 extended permit tcp any any eq www
access-list 101 extended permit tcp any any eq domain
access-list 101 extended permit udp any any eq domain
access-list 101 extended permit tcp any any eq smtp
access-list 101 extended permit tcp any any eq pop3
access-list 101 extended permit tcp any any eq imap4
access-list 101 extended permit tcp any any eq 3306
access-list 101 extended permit tcp any host xxx.xxx.xxx.xxx eq ssh

Dom
You may also look at how the access-list is used: input or output. If it is output, you just allow the server to connect to all mail, web, and DNS servers on the Internet... If input, it means that you are serving all the protocols from your server. You may restrict them if needed (and possible), if you can.
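
An added example, not part of the original question or comment: a small Python script that parses the posted rules and sorts them into services to keep with a narrower destination and services whose exposure should be reviewed, rather than deleting every rule. The `PUBLIC_SERVICES` set and the verdict names are assumptions, and the verdicts assume the access-list filters traffic arriving at the server.

```python
import re

# ACL exactly as posted in the question (the host address is masked on the page).
ACL = """\
access-list 101 extended permit icmp any any object-group ICMP-ALLOWED
access-list 101 extended permit tcp any any eq https
access-list 101 extended permit tcp any any eq www
access-list 101 extended permit tcp any any eq domain
access-list 101 extended permit udp any any eq domain
access-list 101 extended permit tcp any any eq smtp
access-list 101 extended permit tcp any any eq pop3
access-list 101 extended permit tcp any any eq imap4
access-list 101 extended permit tcp any any eq 3306
access-list 101 extended permit tcp any host xxx.xxx.xxx.xxx eq ssh
"""

# Assumption, not from the page: services this web/mail server must offer to everyone.
PUBLIC_SERVICES = {"www", "https", "domain", "smtp", "pop3", "imap4"}

RULE = re.compile(
    r"access-list\s+\S+\s+extended\s+(?P<action>permit|deny)\s+(?P<proto>\S+)\s+"
    r"(?P<src>any|host\s+\S+)\s+(?P<dst>any|host\s+\S+)"
    r"(?:\s+eq\s+(?P<port>\S+))?(?:\s+object-group\s+(?P<group>\S+))?"
)

def review(acl_text):
    """Return (proto, service, verdict) for each permit rule in the ACL text."""
    findings = []
    for line in acl_text.splitlines():
        m = RULE.match(line.strip())
        if not m or m["action"] != "permit":
            continue
        service = m["port"] or m["group"]
        if m["dst"] != "any":
            verdict = "already-scoped"      # destination pinned to one host
        elif service in PUBLIC_SERVICES:
            verdict = "narrow-destination"  # keep the service, replace dst 'any' with the server
        else:
            verdict = "review-exposure"     # open to any source; confirm it is meant to be
        findings.append((m["proto"], service, verdict))
    return findings

if __name__ == "__main__":
    for proto, service, verdict in review(ACL):
        print(f"{proto:5} {service:14} {verdict}")
```
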