XYZ Company wants to set up SunScreen rules to implement the following security policy:
Allow telnet traffic from A (an individual host) to B (any host on a specified network).
Deny mail traffic between A and B; log attempts.
Deny all other telnet traffic and send NET_UNREACHABLE ICMP rejection messages for rejected traffic.
Discard all other packets.
The table below illustrates the SunScreen rules that the XYZ Company would set up to implement this security policy. Note that the default action for services not expressly mentioned in a rule would be specified as DENY.
Table 3-1 Sample Rules Table
| Service | From | To | Rule Type | Log | SNMP | ICMP |
|---|---|---|---|---|---|---|
| telnet | A | B | Allow | NONE | NONE | NONE |
|  | A | B | Deny | SUMMARY | NONE | NONE |
|  | B | A | Deny | SUMMARY | NONE | NONE |
| telnet | * | * | Deny | NONE | NONE | NET_UNREACHABLE |
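The following added example (not SunScreen code and not part of the original page) evaluates packets against the rows of Table 3-1 to show how rule order and the DENY default decide each outcome. It assumes top-to-bottom first-match evaluation, uses constructed addresses for A (one host) and B (a network), and takes the two rows with a blank Service cell to be the mail service named in the policy.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample addresses (assumption): A is a single host, B is a network.
A = ipaddress.ip_network("192.0.2.10/32")
B = ipaddress.ip_network("198.51.100.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")  # stands in for the "*" wildcard


@dataclass(frozen=True)
class Rule:
    service: str                 # "telnet" or "mail" (blank cells in Table 3-1 taken as mail)
    src: ipaddress.IPv4Network   # From
    dst: ipaddress.IPv4Network   # To
    action: str                  # Rule Type: "Allow" or "Deny"
    log: str                     # Log: "NONE" or "SUMMARY"
    icmp: Optional[str]          # ICMP rejection to send, e.g. "NET_UNREACHABLE"


# Table 3-1, one Rule per row, in table order (SNMP column omitted: all NONE).
RULES: List[Rule] = [
    Rule("telnet", A, B, "Allow", "NONE", None),
    Rule("mail", A, B, "Deny", "SUMMARY", None),
    Rule("mail", B, A, "Deny", "SUMMARY", None),
    Rule("telnet", ANY, ANY, "Deny", "NONE", "NET_UNREACHABLE"),
]


@dataclass(frozen=True)
class Decision:
    action: str
    log: str
    icmp: Optional[str]
    rule: Optional[int]  # 1-based row that matched; None means the default applied


# Default for anything no row mentions: silent discard, no log, no ICMP reply.
DEFAULT = Decision("Deny", "NONE", None, None)


def evaluate(src_ip: str, dst_ip: str, service: str, rules: List[Rule] = RULES) -> Decision:
    """Return the decision for one packet: first matching row wins, else DEFAULT."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for n, r in enumerate(rules, start=1):
        if r.service == service and src in r.src and dst in r.dst:
            return Decision(r.action, r.log, r.icmp, n)
    return DEFAULT
```

Reversing the list (passing `rules=RULES[::-1]`) puts the wildcard telnet DENY first, so it shadows the A-to-B ALLOW; that ordering check is a useful regression test whenever a rules table is edited.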