Firewall suggestions
10-12-2008 3:46 PM
1) On high settings, PN's firewall does not block incoming UDP connections/packets; it allows thousands of packets to reach a computer and scan the ports, when really it should drop these unsolicited packets at the firewall. Is it possible to change the PN firewall to prevent UDP packets from going past the PN firewall?
2) Firewall whitelist/blacklist. A small list of trusted IP addresses which are allowed to bypass the PN firewall, even on High, so with the PN firewall set to High, I could add the IP address of my Uni network so I could connect to my home network from college. The blacklist could be longer and always deny access at the firewall. This would be useful in the case of a DDoS attack: you could just add the IPs from the router log, blocking them from continuing (blocks all traffic on all ports).
3) Time-based firewall settings. Probably not possible due to needing to disconnect, but the idea is that you could set the firewall to "high" during peak time and "medium" during off-peak time. This would block things like torrents from taking up bandwidth during peak hours, but allow seeding/downloading in off-peak hours. Probably not the best idea, but it just popped into my head.
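Added example (not part of the original post, and not Plusnet's or Ellacoya's implementation): a small Python model of the inbound UDP policy that suggestions 1 and 2 describe, where a blacklist is checked first, then a whitelist, and anything else is accepted only as a reply to recent outbound traffic. The class name, the verdict strings, the blacklist-before-whitelist order, the 30-second flow timeout and all addresses (constructed, from documentation ranges) are assumptions.

```python
import ipaddress


class StatefulUdpFilter:
    """Toy model of a 'High' setting that drops unsolicited inbound UDP."""

    def __init__(self, allow=(), block=(), udp_timeout=30):
        self.allow = [ipaddress.ip_network(n) for n in allow]
        self.block = [ipaddress.ip_network(n) for n in block]
        self.udp_timeout = udp_timeout  # seconds a flow stays "solicited" (assumed)
        self.flows = {}  # (local_ip, local_port, remote_ip, remote_port) -> last seen

    def outbound_udp(self, now, src, sport, dst, dport):
        # Outbound traffic is always allowed; remember it so replies can return.
        self.flows[(src, sport, dst, dport)] = now

    def inbound_udp(self, now, src, sport, dst, dport):
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in self.block):
            return "drop:blacklist"        # blacklist wins over everything else
        if any(addr in net for net in self.allow):
            return "accept:whitelist"      # trusted source bypasses the state check
        key = (dst, dport, src, sport)
        seen = self.flows.get(key)
        if seen is not None and now - seen <= self.udp_timeout:
            self.flows[key] = now          # refresh the flow on each valid reply
            return "accept:established"
        self.flows.pop(key, None)          # expire stale state
        return "drop:unsolicited"


def demo():
    # Constructed sample traffic: 192.168.1.10 is the home machine.
    fw = StatefulUdpFilter(allow=["198.51.100.0/24"], block=["203.0.113.7/32"])
    fw.outbound_udp(0, "192.168.1.10", 40000, "192.0.2.53", 53)  # DNS query out
    return [
        fw.inbound_udp(1, "192.0.2.53", 53, "192.168.1.10", 40000),    # DNS reply
        fw.inbound_udp(2, "192.0.2.99", 5000, "192.168.1.10", 137),    # port probe
        fw.inbound_udp(3, "198.51.100.20", 4000, "192.168.1.10", 22),  # whitelisted
        fw.inbound_udp(4, "203.0.113.7", 53, "192.168.1.10", 40000),   # blacklisted
        fw.inbound_udp(100, "192.0.2.53", 53, "192.168.1.10", 40000),  # flow expired
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```
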
2 REPLIES
Re: Firewall suggestions
10-12-2008 4:02 PM
Not bad ideas, but I believe that, because of the way the firewall is implemented, they might be a little tricky.
AIUI, the "firewall" is implemented as a different "service offering" (like a profile) on the Ellacoya boxen. This is a little guesswork, but taking BBYW Pro as an example, this could be a list of the available "profiles":
BBYW Pro - Firewall Off
BBYW Pro - Firewall Low
BBYW Pro - Firewall High
BBYW Pro - Restricted (Over Bandwidth limit)
BBYW Pro - Payment Failed
Multiplying this up by the number of packages (BBYW 1, 2, 3, 4 (obsolete), old PAYG, old Premier 1, 2, 3, etc.), you start to see that there are probably tens if not even hundreds of profiles in the system to account for each combination of the firewall.
Adding the ability to give more fine-grained control over the firewall really would put the system into uncharted territory (and imagine the technical nightmare of debugging a "mix" of profiles on a connection).
B.
Re: Firewall suggestions
10-12-2008 4:09 PM
I figured 3 would be very tricky, if not impossible, to implement. 2, on the other hand, I didn't really think about the overheads for that with so many customers and so many profiles, each with an individual whitelist/blacklist; let's put that down in the really really difficult, probably not the best use of PN resources. 1, on the other hand, I think is a must: after suffering a DDoS through UDP port scans, if the firewall had blocked UDP on High then I coulda watched Holby on iPlayer last night.