Is my firewall configured safely? (Again..)

Hi!

Just want to know if my configuration looks healthy and if there is something in the rule order I should think about or change. Also, I wonder about the “accept established/related”. On the input chain I just have the “established” checkbox ticked, but on the forward chain I have both “established” and “related” checked, as I sometimes noticed that things wouldn’t work properly otherwise. Would there be a point in activating “related” on the input chain as well? Another forum member kindly explained the difference between “established” and “related” in another thread and I think I got a bit wiser :)
Also, is there something else (like NAT or interface settings) that I should think about regarding security?

Kind regards
[Attachment: firewall2.png]

You should compare the default FW rules with yours. If you have some “security holes”, add the default rules to yours. If not, you should enable fast track because of the large number of rules (give the processor a break).

Put the rules with high counter hits before those with low counter hits (if logically possible).
As an example, in your forward chain:

  • NTP rules have low hit counts (one is even never hit), so they are evaluated for every packet but never used. Put all NTP rules after “established related” at least
    (and remove or disable the one which was never hit).

  • You don’t show which NEW forward connections you allow?

Check the CPU load; then you will see how much you would benefit from using fast track to bring it down.
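As an added example (not the poster's configuration or any reply's own rules), here is a RouterOS filter rule set laid out in the order the replies recommend, modelled on the RouterOS default ("defconf") rules, which accept related on the input chain as well; the LAN/WAN interface lists and the NTP server address 192.0.2.10 are assumptions, not values from this thread.

```routeros
# Added example: filter rules ordered so the high-hit rules come first.
# Interface lists LAN/WAN and the NTP address 192.0.2.10 are assumed.
/ip firewall filter
# --- input chain (traffic to the router itself) ---
# The default config accepts related here too, so ICMP errors and helper
# connections belonging to the router's own sessions are not dropped.
add chain=input action=accept connection-state=established,related,untracked \
    comment="accept established,related,untracked"
add chain=input action=drop connection-state=invalid comment="drop invalid"
add chain=input action=accept protocol=icmp comment="accept ICMP"
add chain=input action=drop in-interface-list=!LAN comment="drop all not from LAN"

# --- forward chain (traffic through the router) ---
# fasttrack first: packets of established/related connections skip the
# rest of the chain, which is where the CPU saving comes from.
add chain=forward action=fasttrack-connection connection-state=established,related \
    comment="fasttrack"
add chain=forward action=accept connection-state=established,related,untracked \
    comment="accept established,related,untracked"
add chain=forward action=drop connection-state=invalid comment="drop invalid"
# Only NEW connections reach the rules below, so a low-hit rule here
# costs little; this is where the NTP rules belong.
add chain=forward action=accept connection-state=new in-interface-list=LAN \
    out-interface-list=WAN comment="LAN -> WAN new connections"
add chain=forward action=accept connection-state=new protocol=udp dst-port=123 \
    dst-address=192.0.2.10 comment="NTP to 192.0.2.10 (constructed example)"
add chain=forward action=drop connection-state=new connection-nat-state=!dstnat \
    in-interface-list=WAN comment="drop all from WAN not DSTNATed"

# Checks: per-rule packet/byte counters show which rules are actually hit
# (reset them, wait a while, print again), and CPU load before/after fasttrack.
/ip firewall filter reset-counters-all
/ip firewall filter print stats
/system resource monitor
```

Fasttracked packets bypass the remaining filter, mangle and queue processing, so anything that must see every packet of a connection has to be placed before the fasttrack rule.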