I am considering using a Cisco router as my gateway/border router. My
LAN machines will be NAT'd behind it. I have read the NSA's guide to
securing these devices and turned off all of the unnecessary services.
But I had some questions regarding the ACLs.
I have set an outbound ACL only allowing certain ports to have outbound
access (HTTP, FTP, etc.). My question relates to the inbound ACL.
Basically, I think it should be as follows:
    allow incoming UDP whose source port is 53 and destination port is > 1024
    allow TCP established
    deny ip any any log
For my UDP rule, I have additional UDP ports that need to be forwarded
through; not to initiate 'connections', but I need to get responses on
certain ports. For example, I need a UDP range to be able to use some
video/voice equipment and need to get replies in that range.
Is there a 'best practice' way to set this up? Do I just need to allow
all the UDP ports that I am using inbound access? I am assuming that an
incoming UDP response that doesn't have the same source/dest ports from
the same IP will be dropped, but what about someone sniffing/spoofing my
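As an added illustration (not from the original poster), here is a small Python model of the difference between the static inbound rules proposed above and an IOS reflexive ACL (`permit ... reflect NAME` on the outbound list, `evaluate NAME` on the inbound list), which creates a temporary entry for each outbound flow and admits only the exact reverse 5-tuple while that entry lives. The addresses, ports and timeout are constructed, and the class is a simplified model of the behaviour, not IOS code:

```python
from collections import namedtuple

# Constructed packet model: protocol, source IP/port, destination IP/port, TCP flags.
Pkt = namedtuple("Pkt", "proto src sport dst dport flags")

def static_inbound(pkt):
    """The inbound ACL proposed in the post, evaluated top-down like IOS:
    permit udp any eq 53 any gt 1024 / permit tcp any any established / deny ip any any log."""
    if pkt.proto == "udp" and pkt.sport == 53 and pkt.dport > 1024:
        return "permit"
    # 'established' only checks that ACK or RST is set; it keeps no connection state.
    if pkt.proto == "tcp" and (pkt.flags & {"ACK", "RST"}):
        return "permit"
    return "deny+log"

class ReflexiveAcl:
    """Simplified model (an assumption, not IOS source) of a reflexive ACL: each
    outbound packet creates a temporary entry for its reverse 5-tuple, and inbound
    traffic is permitted only while a matching entry exists, so no static inbound
    holes are needed for DNS or voice/video replies."""
    def __init__(self, timeout=30):
        self.timeout = timeout
        self.entries = {}   # reverse 5-tuple -> expiry time

    def outbound(self, pkt, now):
        self.entries[(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)] = now + self.timeout

    def inbound(self, pkt, now):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key in self.entries and now <= self.entries[key]:
            self.entries[key] = now + self.timeout   # matching traffic refreshes the entry
            return "permit"
        return "deny+log"

def demo():
    """Returns {label: (static_verdict, reflexive_verdict)} for constructed packets."""
    lan, dns, peer = "203.0.113.10", "198.51.100.53", "192.0.2.7"   # documentation addresses
    acl = ReflexiveAcl(timeout=30)
    acl.outbound(Pkt("udp", lan, 40000, dns, 53, frozenset()), now=0)      # DNS query
    acl.outbound(Pkt("udp", lan, 10000, peer, 10000, frozenset()), now=1)  # voice/video stream
    probes = {
        "dns reply":               Pkt("udp", dns, 53, lan, 40000, frozenset()),
        "voice reply":             Pkt("udp", peer, 10000, lan, 10000, frozenset()),
        "udp sport 53 to 5060":    Pkt("udp", peer, 53, lan, 5060, frozenset()),
        "bare tcp ack to 22":      Pkt("tcp", peer, 4444, lan, 22, frozenset({"ACK"})),
        "dns reply after timeout": Pkt("udp", dns, 53, lan, 40000, frozenset()),
    }
    return {k: (static_inbound(p), acl.inbound(p, now=60 if "timeout" in k else 2))
            for k, p in probes.items()}
```

The static list lets through anything with source port 53 or a bare ACK regardless of whether a LAN host ever sent anything, while the reflexive model admits the voice reply without a static hole and drops the crafted packets and the stale reply.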