What are the recommended firewall rules?


Question

  • Basic firewall rules that can (and should) be customized to the specific needs and services of your environment
  • Use them as a starting point for your firewall configuration, not as a complete policy

NOTE: Firewall Rules do not apply to Proxy customers. An iRule should be leveraged for any Proxy specific use cases. See iRules in Silverline: Scope of Support

Environment

  • Routed DDoS

Answer

Deny inbound UDP sourced from the well-known reflection/amplification services. The source port identifies the abused service; the rules do not block responses from those services to your own clients unless the rule also matches the destination port:

  • deny UDP src port 1900 <-- (SSDP/UPNP)
  • deny UDP src port 389 <-- (CLDAP)
  • deny UDP src port 161 <-- (SNMP)
  • deny UDP src port 11211 <-- (Memcached)
  • deny UDP src port 3283 <-- (Apple Remote Mgmt Service)
  • deny UDP src port 3702 <-- (WS-Discovery)
  • deny UDP src port 53 dst port 80 <-- (DNS reflection to webserver port)
  • deny UDP src port 53 dst port 443 <-- (DNS reflection to webserver port)
  • deny UDP src port 123 dst port 80 <-- (NTP reflection to webserver port)
  • deny UDP src port 123 dst port 443 <-- (NTP reflection to webserver port)

    If you do not expect any legitimate UDP to 80/443, you can instead drop all UDP to these webserver ports. Note that some deployments do expect UDP to 443, for example QUIC (HTTP/3) or a VPN terminated on 443, so confirm that before applying the broader rules:
  • deny UDP dst port 80
  • deny UDP dst port 443
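The deny list above is evaluated first-match, so the order and the presence of a destination-port qualifier decide what legitimate traffic survives. The following is an added example (not F5's or Silverline's code) that encodes the baseline list and the stricter all-UDP-to-80/443 variant as Python rules and runs a few constructed packets through each, including a DNS reply to a resolver's ephemeral port (which the baseline correctly permits) and an inbound QUIC packet to 443 (permitted by the baseline, denied by the stricter variant). The `Rule` class, the `verdict` function and the sample packets are assumptions made for this illustration; the Silverline rule syntax itself is not reproduced here.

```python
"""Evaluate a Silverline-style UDP deny list against sample packets.

Added example, not F5/Silverline code. Rule encoding, `verdict` and the
sample traffic below are constructed for illustration only.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """A deny rule: protocol plus optional source/destination port (None = any)."""
    proto: str
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    note: str = ""

    def matches(self, proto: str, sport: int, dport: int) -> bool:
        return (
            proto == self.proto
            and (self.src_port is None or sport == self.src_port)
            and (self.dst_port is None or dport == self.dst_port)
        )


# Baseline deny list from the article: block packets sourced from amplifiers.
# Only DNS and NTP get a destination-port qualifier, because your own
# resolver/NTP replies arrive from source port 53/123 to ephemeral ports.
BASELINE: List[Rule] = [
    Rule("udp", src_port=1900, note="SSDP/UPnP"),
    Rule("udp", src_port=389, note="CLDAP"),
    Rule("udp", src_port=161, note="SNMP"),
    Rule("udp", src_port=11211, note="Memcached"),
    Rule("udp", src_port=3283, note="Apple Remote Management"),
    Rule("udp", src_port=3702, note="WS-Discovery"),
    Rule("udp", src_port=53, dst_port=80, note="DNS reflection to web port"),
    Rule("udp", src_port=53, dst_port=443, note="DNS reflection to web port"),
    Rule("udp", src_port=123, dst_port=80, note="NTP reflection to web port"),
    Rule("udp", src_port=123, dst_port=443, note="NTP reflection to web port"),
]

# Stricter variant from the article: no UDP at all to the web ports.
# This also drops QUIC/HTTP/3 and UDP-based VPNs on 443.
STRICT: List[Rule] = BASELINE + [
    Rule("udp", dst_port=80, note="all UDP to 80"),
    Rule("udp", dst_port=443, note="all UDP to 443"),
]


def verdict(rules: List[Rule], proto: str, sport: int, dport: int) -> Tuple[str, str]:
    """First-match evaluation: ("deny", note) for the first matching rule, else ("permit", "")."""
    for rule in rules:
        if rule.matches(proto, sport, dport):
            return "deny", rule.note
    return "permit", ""


# Constructed sample packets (proto, src port, dst port) with a label.
SAMPLE = {
    "ssdp_reflection": ("udp", 1900, 443),      # amplifier reply aimed at web port
    "memcached_reflection": ("udp", 11211, 33),  # amplifier reply to any port
    "dns_reflection_to_web": ("udp", 53, 80),    # DNS answer aimed at web port
    "dns_reply_to_resolver": ("udp", 53, 51234), # legitimate answer to ephemeral port
    "quic_to_web": ("udp", 56000, 443),          # inbound HTTP/3 client traffic
    "https_tcp": ("tcp", 56001, 443),            # normal HTTPS, never matched
}


def evaluate(rules: List[Rule]) -> dict:
    """Map each sample packet label to its permit/deny verdict under `rules`."""
    return {name: verdict(rules, *pkt)[0] for name, pkt in SAMPLE.items()}


def collateral(strict: List[Rule], baseline: List[Rule]) -> List[str]:
    """Labels that the stricter list denies but the baseline permits (what you give up)."""
    b, s = evaluate(baseline), evaluate(strict)
    return [name for name in SAMPLE if b[name] == "permit" and s[name] == "deny"]


if __name__ == "__main__":
    for name, result in evaluate(BASELINE).items():
        print(f"baseline  {name:24s} {result}")
    print("extra drops under STRICT:", collateral(STRICT, BASELINE))
```

Running it shows the point of the `dst port 80/443` qualifier on the DNS and NTP rules: the baseline denies a source-port-53 packet aimed at 80 but still permits the same source port answering a resolver query on an ephemeral port. `collateral` lists exactly what the stricter variant sacrifices, which here is the QUIC client traffic to 443; run the same check against your real expected flows before choosing it.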
