CHAPTER 12 Packet Classification > 12.3 REQUIREMENTS AND METRICS - Pg. 275

12.3 Requirements and Metrics

[Figure 12.3, top half: network topology. Labels: Mail gateway M; External time server TO; Secondary name server S; Internal time server TI; Screening router; "Hacker to be kept out!"]

Destination  Source  Destination Port  Source Port  Flags    Comments
M            *       25                *            *        Allow inbound mail
M            *       53                *            UDP      Allow DNS access
M            S       53                *            *        Secondary access
M            *       23                *            *        Incoming telnet
TI           TO      123               123          UDP      NTP time info
*            Net     *                 *            *        Outgoing packets
Net          *       *                 *            TCP ack  Return ACKs OK
*            *       *                 *            *        Block everything!

FIGURE 12.3 The top half of the figure shows the topology of a small company; the bottom half shows a sample firewall database for this company as described in the book by Cheswick and Bellovin [CB95]. The block flags are not shown in the figure; the first seven rules have block = false (i.e., allow)
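The rule database of Figure 12.3 as a linear classifier, added here as an example and not taken from the book. It assumes first-match semantics (rules are tried in the order listed), uses constructed addresses from documentation ranges for M, TI, Net, S and TO, and models the Flags column as a protocol plus an ACK bit; the function and variable names are hypothetical.

```python
import ipaddress

# Constructed addresses (documentation ranges); the figure gives only the names.
HOSTS = {
    "M": "192.0.2.10/32",       # mail gateway
    "TI": "192.0.2.20/32",      # internal time server
    "Net": "192.0.2.0/24",      # the company's internal network
    "S": "198.51.100.53/32",    # secondary name server (external)
    "TO": "198.51.100.123/32",  # external time server
    "*": "0.0.0.0/0",           # wildcard
}

# (destination, source, dst port, src port, flags, block, comment), in figure order.
RULES = [
    ("M",   "*",   25,  "*", "*",       False, "Allow inbound mail"),
    ("M",   "*",   53,  "*", "UDP",     False, "Allow DNS access"),
    ("M",   "S",   53,  "*", "*",       False, "Secondary access"),
    ("M",   "*",   23,  "*", "*",       False, "Incoming telnet"),
    ("TI",  "TO",  123, 123, "UDP",     False, "NTP time info"),
    ("*",   "Net", "*", "*", "*",       False, "Outgoing packets"),
    ("Net", "*",   "*", "*", "TCP ack", False, "Return ACKs OK"),
    ("*",   "*",   "*", "*", "*",       True,  "Block everything!"),
]

def _in(name, addr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(HOSTS[name])

def _flags_ok(want, proto, ack):
    if want == "*":
        return True
    if want == "UDP":
        return proto == "udp"
    return proto == "tcp" and ack  # "TCP ack"

def classify(dst, src, dport, sport, proto, ack=False):
    """Return (rule number, action, comment) of the first matching rule."""
    for n, (d, s, dp, sp, fl, block, why) in enumerate(RULES, 1):
        if (_in(d, dst) and _in(s, src)
                and dp in ("*", dport) and sp in ("*", sport)
                and _flags_ok(fl, proto, ack)):
            return n, "block" if block else "allow", why
    raise AssertionError("unreachable: rule 8 matches every packet")

if __name__ == "__main__":
    # Constructed packets: an inbound TCP SYN to an internal host, then a TCP ACK to it.
    print(classify("192.0.2.77", "203.0.113.5", 22, 40000, "tcp"))
    print(classify("192.0.2.77", "203.0.113.5", 40000, 443, "tcp", ack=True))
```

Rule 7 matches on the ACK bit alone, so this classifier keeps no connection state, and moving rule 8 earlier would shadow every rule below it because only the first match is used.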