EdgeOS Outbound Firewall Rules

Captions
Welcome to the second video in the firewall series for EdgeOS. In this video we are gonna talk about outbound firewall rules. So let's go ahead and log in. We're gonna go over to our firewall, and if you remember, we've got the two default policies that are set up by our wizard, and the interfaces here are eth0 direction in and eth0 local. So what we're gonna do is we're gonna create an entirely new rule set that's going to deal with outbound traffic. So we're gonna add a rule set; we're going to call this WAN out, and we'll call the description WAN out. Default action will be accept. So we'll save that, and you can see by default that when you create a rule set it doesn't attach it to any interfaces or directions, and there's no rules. The only thing we have is the default action, which is accept. So we need to go in and configure this, attach it to an interface and a direction, and then create some rules.

So we want to block outbound traffic on our WAN interface, so we're gonna select eth0, and it's gonna be out, so we're dealing with sending traffic out towards the internet. Go ahead and save that, and once that's saved we'll come over to rules, and we'll kind of do the same rules that we worked on yesterday, but then we'll add another one. First we'll bring up my website just to show that it's loading, so it's coming up. And we'll go ahead and add a new rule, and we'll call this block HTTP. So our action will be drop; we'll choose TCP; advanced, we'll do established, new, related just to cover our bases. Source: we could specify a source, so if we have a certain set of machines internally or an entire subnet that we want to apply this to, you can put that in here. We're just gonna leave it blank, so it's gonna be anything on the inside of the firewall that it will affect. And destination will be port 80. You could also go in and fiddle with that time rule like we did. So we'll go ahead and save this, and then we'll save our rule order.

Looks like everything is in order, so now let's go to my blog, and as you can see we are just sitting and spinning. We can come over here and we can look at the stats, and you can see that the drop action is incrementing, and now we've got "the site can't be reached". But if we do this, go to https Facebook, HTTPS loads perfectly, until we go in, let's copy this rule and then we'll edit it and we'll block HTTPS, destination 443. Save that, save the rule order, and now we just get waiting, waiting, waiting, waiting. It's gonna resolve it; it'll resolve it. We're not blocking DNS; we're not blocking DNS at all. So you can see that instead of having my router capture that, I went out to Google's Public DNS server and we resolved it just fine, but we are blocking that connection. So if we come in here and we delete this rule, come back over here, now you can see it loads right away.

So what else can we do with this? So let's say you have an email server internally, and that's the only host you want to be able to send email out to the Internet. What you could do is you could create a rule that blocks everybody except for your mail server. Okay, so let's talk about what that would look like. Let's go ahead real quick and we'll delete the HTTP rule, and before we do this SMTP, let me show you that this is not a one-trick pony, because I am using 80 and 443 in the videos, but here we're gonna do some SSH traffic outside of this router. So we're gonna go to another router in the lab, and now you can see we get a login prompt. Okay, so we'll log out of that. We'll create a rule; we'll call it block SSH. We're gonna drop TCP destination 22. We'll save this rule, we'll bring up those stats, and look, the drop is incrementing, and I'm not being prompted for my credentials. So you could use this in that same maintenance window, let's say you only want SSH going out of, you know... and this is, you'd have to use this in combination with other rules, because if you're using a non-standard SSH port, like some services will use 2-2 or 2-2-2 (say that ten times fast), you'd have to know those ports, or you'd have to use it in combination with some other rules to do some more effective blocking.

But now if we come in here and we delete this rule, that rule is now gone, now you can see I am prompted for my credentials and I'm able to log in. So let's talk about how we allow just a single machine to send that email out. So let's take a look at that. So the first thing we would do is we would say block SMTP, and we're gonna drop TCP destination 25, and we'll say that because 25 is your standard SMTP port. If it's using secure or SSL-based SMTP it's a different port; for this we're just going to use port 25. So right now we are blocking all of this, but we want to allow our email server to send out. So what we're gonna do is we're going to allow SMTP mail server, and we're going to accept TCP, source will be our 192.168.1.2, destination is gonna be 25, and we'll save that. And then what we're gonna do is we've got to change the order on these rules, because you've got to remember the firewall reads these rules in order. So it's gonna say block SMTP all, and it's gonna match this first: you're destined for port 25 and you're done. So the first thing we've got to do, we've got to move this up, which is allow our mail server. So it's gonna match the source address as 192.168.1.2 with a destination of port 25 and it's going to accept, and then everything else is gonna be blocked. So that should take care of it. You could still mess around with the time-based settings and things like that, like we did in the first video, so feel free. You know, you can get an EdgeRouter for $49; it's a small investment, and the payback on it in knowledge and experience is huge. So you can check those out; you can get those from the distributors, you can order directly from Ubiquiti. So if you liked the video please give a thumbs up, please subscribe, please comment and share, and we will see you at the next video.
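The WAN_OUT rule set built in the video, written out in the EdgeOS configure-mode CLI instead of the GUI. This is an added example, not the presenter's own configuration: the rule-set name, the mail-server address 192.168.1.2 and the port numbers follow the video; the rule numbers 10 and 20 and the descriptions are assumed.

```vyatta
# Added example (not from the video): the same WAN_OUT rule set via the EdgeOS CLI.
# Rule-set name and 192.168.1.2 follow the video; rule numbers are an assumption.
configure

# New rule set with default action accept. As in the GUI, it has no interface,
# no direction and no rules until we add them below.
set firewall name WAN_OUT default-action accept
set firewall name WAN_OUT description 'WAN out'

# Rule 10: allow the mail server out on port 25. EdgeOS evaluates rules in
# ascending number order and stops at the first match, so this rule must carry
# a lower number than the block rule below, otherwise 192.168.1.2 is dropped too
# (the "move it up" step in the video).
set firewall name WAN_OUT rule 10 description 'allow SMTP mail server'
set firewall name WAN_OUT rule 10 action accept
set firewall name WAN_OUT rule 10 protocol tcp
set firewall name WAN_OUT rule 10 source address 192.168.1.2
set firewall name WAN_OUT rule 10 destination port 25

# Rule 20: every other inside host is blocked from sending on port 25.
# Matching new, established and related states mirrors the "cover our bases"
# advanced settings in the GUI. The block HTTP/HTTPS/SSH rules from the video
# are the same shape with destination port 80, 443 or 22.
set firewall name WAN_OUT rule 20 description 'block SMTP'
set firewall name WAN_OUT rule 20 action drop
set firewall name WAN_OUT rule 20 protocol tcp
set firewall name WAN_OUT rule 20 destination port 25
set firewall name WAN_OUT rule 20 state new enable
set firewall name WAN_OUT rule 20 state established enable
set firewall name WAN_OUT rule 20 state related enable

# Attach the rule set to the WAN interface in the out direction
set interfaces ethernet eth0 firewall out name WAN_OUT

commit
save
exit

# Operational mode: the per-rule packet counters, the same numbers the video
# watches on the stats tab; rule 20 increments when a non-mail host tries port 25
show firewall name WAN_OUT statistics
```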
Info
Channel: Willie Howe
Views: 46,570
Keywords: edgeos, edgeos wan, edgeos wan out, edgeos wan_out, edgeos block ssh, edgeos block smtp, edgeos firewall, edgeos firewall configuration, edgemax wan_out, edgerouter wan_out, edgerouter block outbound traffic, edgemax block outbound traffic, edgeos block outbound ports, edgemax block outbound ports, edgerouter block outboud ports, block outbound ports, firewall configuration, easy firewall, ez firewall
Id: RSUWb2sv0So
Length: 10min 31sec (631 seconds)
Published: Fri Jul 15 2016