The firewall was constructed with the PCXFirewall Toolkit available here: http://pcxfirewall.sourceforge.net/ After determining list of services to be offered, a list of open ports was created. The following list enumerates that list.

• 22 – SSH
• 25 – SMTP
• 80 – http
• 110 – pop3
• 143 – imap2
• 443 – https
• 992 – telnets
• 993 – imaps
• 995 – pop3s

Admin instructions on how to access PCXFirewall

https://63.252.5.3/pcxfirewall

username – admin

Firewall Config – budlight1

Config Options

• Network Command – ifconfig
• Mangle Rules – Enabled

Validity Check:

• TCP Flags – on
• ECN Enabled – off
• Unclean – off
• Kernel Type – modular

Zones:

• internal Zone Enabled – off
• ipsec Zone Enabled – off
• dmz Zone Enabled – off
• dialin Zone Enabled – off
• Bridge Support Enabled – off
• Snort-Inline Support Enabled – off

Special Protocol Modules:

• ftp Enabled – on
• ftp Params – none
• irc Enabled – off
• irc Params – none

Rate Limit:

• Tainted Packets Log Rate – 20 / minute
• Reserved Packets Log Rate – 20 / minute
• Default Policy Packets Log Rate – 30 / minute
• Reject Packets Log Rate – 30 / minute
• Normal Packets Log Rate – 30 / minute
• ICMP Packets Allow Rate – 30 / minute

Logging:

• Log Prefix – FW
• Log Level – debug

Dynamic Interfaces:

• Dynamic Interfaces Mode – ignoreIP

• Index – 0
• Host – budlight
• Type – normal
• Active – true
• Comment – external network/lan

• Index | Host | LimitTo | Active | Comment

1. 10.0.0.0/8 | - | false | Class A
2. 192.168.0.0/16 | - | false | Class C
3. 127.0.0.0/8 | - | true | Local machine
4. 172.16.0.0/12 | - | false | Class B
5. 224.0.0.0/4 | - | false | Class D Multicast
6. 240.0.0.0/5 | - | true | Class E Reserved
7. 0.0.0.0/8 | - | false | Illegal except for DHCP
8. 169.254.0.0/16 | - | true | Link Local Networks
9. 192.0.2.0/24 | - | false | TEST-NET

move in out ip source dest action service active firewallToExternal E * ALL ALL ACCEPT DNS, SSH, IDENT, SMTP, ICMP, TRACEROUTE, SQUID, HTTP, FTP, BOOTP, NTP, RSYNC true D externalToFirewall E ^/v * ALL ALL ACCEPT SSH, SMTP, POP3, IMAP, ICMP-limited, HTTP, HTTPS, BOOTP, IMAPS, POP3S true D E ^/v * ALL ALL Reject IDENT true D E ^/v external ALL ALL Drop No Log SMB true D externalBroadcast E * ALL ALL ACCEPT BOOTP true D

get this from PCXFirewall instructions and put here

Please post changes here in the format of: [H4] date|your name [/H4] [CR]description of chages made

The initial installation

need to get how to access and use front end.

Initially installed, configured, and documented by James Pattie and Carl Fitch, 2005-02-19.