07-16-2024 12:33 AM
Is there any security benefit in putting specific denies for, say, known bad hosts
in a firewall rule base when the rule base has an implicit deny all in it?
07-16-2024 12:37 AM - edited 07-16-2024 12:54 AM
Just for troubleshooting.
You can check hits and logs when you add a deny.
That's it.
MHM
07-17-2024 10:10 AM
So just logging then, in your opinion?
I can't see any other reason to have specific denies in above a permit, as the implicit deny would kick in.
07-17-2024 10:14 AM - edited 07-17-2024 10:14 AM
Above or below?
Below the permit, before the implicit deny: used for troubleshooting.
Above the permit: mainly used to deny a specific host from a subnet, i.e.
We deny host A in subnet 10.0.0.0
Then we permit subnet 10.0.0.0
MHM
07-16-2024 12:50 AM - edited 07-16-2024 02:09 AM
@Joe Bloggs yes there is. The implicit deny rule will only be hit if there is no more specific rule higher up in the firewall ruleset that permits the traffic. In some circumstances you may wish to block traffic; for example, you have a firewall rule allowing "any" source to a hosted webserver. So you would add a deny rule from known bad hosts above the allow rule to ensure those bad hosts cannot access the webserver.
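A first-match simulator of the two placements discussed in this thread (a host deny above a subnet permit, and a logged deny below a strict permit, before the implicit deny). This is added example code, not from the thread or any vendor; the /24 mask, host addresses 10.0.0.5 and 10.0.0.6, the web server 192.0.2.10 and port 443 are assumptions.

```python
from dataclasses import dataclass
import ipaddress

WEB = "192.0.2.10"  # constructed web server address (RFC 5737 range)

@dataclass
class Rule:
    action: str          # "permit" or "deny"
    src: str             # source prefix (CIDR); "0.0.0.0/0" = any
    dst: str             # destination prefix (CIDR)
    port: "int | None"   # None = any port
    log: bool = False    # emit a log line when this ACE is hit
    hits: int = 0        # hit counter, like "show access-list" output

def matches(rule: Rule, src: str, dst: str, port: int) -> bool:
    return (ipaddress.ip_address(src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(rule.dst)
            and (rule.port is None or rule.port == port))

def evaluate(rules: list, src: str, dst: str, port: int, logged: list) -> str:
    """First-match evaluation. The implicit deny at the end is never counted
    or logged, so a deny below a strict permit changes visibility only."""
    for rule in rules:
        if matches(rule, src, dst, port):
            rule.hits += 1
            if rule.log:
                logged.append(f"{rule.action} {src}->{dst}:{port}")
            return rule.action
    return "deny"

def deny_host_above_subnet_permit(src: str) -> str:
    """MHM's case: deny host A, then permit A's whole subnet."""
    rules = [Rule("deny", "10.0.0.5/32", "0.0.0.0/0", None),
             Rule("permit", "10.0.0.0/24", WEB + "/32", 443)]
    return evaluate(rules, src, WEB, 443, [])

def deny_host_below_subnet_permit(src: str) -> str:
    """Same two ACEs reversed: the broad permit shadows the host deny."""
    rules = [Rule("permit", "10.0.0.0/24", WEB + "/32", 443),
             Rule("deny", "10.0.0.5/32", "0.0.0.0/0", None)]
    return evaluate(rules, src, WEB, 443, [])

def strict_rulebase(src: str, explicit_deny: bool):
    """Joe's case: one host-to-host permit, optional logged deny-any below."""
    rules = [Rule("permit", "10.0.0.6/32", WEB + "/32", 443)]
    if explicit_deny:
        rules.append(Rule("deny", "0.0.0.0/0", "0.0.0.0/0", None, log=True))
    logged: list = []
    action = evaluate(rules, src, WEB, 443, logged)
    return action, [r.hits for r in rules], logged
```

With the strict rule base, an unlisted source is denied whether or not the explicit deny exists; the only difference is the hit count and log line the explicit ACE produces.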
07-17-2024 10:16 AM
So I appreciate that if you have some overly permissive rule and you want to stop one specific host from hitting that rule, putting a deny in above makes sense.
But if you only have specific IPs talking to specific IPs on specific ports, is there any point putting an ACE at the top of the rule base dropping/denying traffic from other hosts?
07-17-2024 10:30 AM
@Joe Bloggs as mentioned, you may need to use it in some circumstances. Each environment and firewall ruleset is different; configure the rules to meet your needs.
If you have strict ACEs with specific IP addresses/networks communicating, then no, you may not require an explicit deny rule above.