SI110: Interactive Firewall
Interactive Firewall Exercise
We are assuming a generic ACL language for this exercise. Our ACL will only be
capable of filtering on IP addresses and TCP or UDP port numbers; each rule
pairs a set of match criteria with an action, forward or drop. ACL rules will
look like what you see in the image to the right.
Remember: Firewalls evaluate the rules in an ACL in order, from top to bottom.
As soon as a packet meets the criteria of a rule, the prescribed action is
taken (forward or drop) and the remaining rules in the list are ignored; this is
first-match evaluation, so the position of a rule matters as much as its
contents. If the packet does not meet the criteria of any rule, it is dropped
by default. The next packet received is evaluated against the ACL starting
over with the first rule in the list, and this process repeats for every
packet the firewall receives.
Scenario: You are a network administrator responsible for an HTTP server at
10.10.10.8, a DNS server at 10.10.10.16, and an SMB file server at
10.10.10.32, and you are tasked with designing an ACL for your
organization's firewall for inbound Internet traffic. Your ACL must
enforce the following criteria:
- The file server is used for storage of important documents and
should not be accessible to external IP addresses.
- The web server hosts the organization website, which must be
accessible to all IP addresses.
- The DNS server provides name resolution for the organization's
domain, which must be available to all IP addresses.
- IP addresses 7.7.7.7 and 8.8.8.8 are prohibited from
accessing any host on your network due to suspected hacking activity
(this overrides any other rule).
Below is your ACL. Initially it has a single rule that forwards everything,
which offers no protection at all: every host, the file server included, is
reachable from every external address. You can add rules, remove rules and
move rules with the controls below. Build an ACL that meets your
network's requirements, and test it with the "Test Firewall" button.
Note: Please review the Services/Ports/Protocols Table to remind yourself of
the port numbers and protocols associated with the services you are providing.
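The first-match evaluation described above and the scenario's four requirements, as an added worked example in Python that is not part of the SI110 exercise page: a small ACL evaluator with the page's semantics (top-to-bottom, first match wins, implicit drop when nothing matches), an ACL that satisfies the scenario, and a check that shows how the same rules fail when the blacklist is placed below a forwarding rule. The rule fields (source, destination, protocol, destination port, action) are an assumption about the exercise's generic ACL language, the external address 203.0.113.5 is constructed, and the port numbers are the standard assignments (HTTP 80/TCP, DNS 53/UDP and 53/TCP, SMB 445/TCP).

```python
# Added example (not from the SI110 page): a first-match ACL evaluator.
# The rule fields below are an assumed shape for the exercise's generic ACL
# language; the port numbers are the standard ones (HTTP 80/tcp,
# DNS 53/udp and 53/tcp, SMB 445/tcp).
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ANY = "any"


@dataclass(frozen=True)
class Packet:
    src: str    # source IP address
    dst: str    # destination IP address
    proto: str  # "tcp" or "udp"
    dport: int  # destination port


@dataclass(frozen=True)
class Rule:
    action: str                  # "forward" or "drop"
    src: str = ANY               # source IP or "any"
    dst: str = ANY               # destination IP or "any"
    proto: str = ANY             # "tcp", "udp" or "any"
    dport: Optional[int] = None  # destination port; None means any

    def matches(self, pkt: Packet) -> bool:
        return (self.src in (ANY, pkt.src)
                and self.dst in (ANY, pkt.dst)
                and self.proto in (ANY, pkt.proto)
                and self.dport in (None, pkt.dport))


def evaluate(acl: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Walk the ACL top to bottom; the first matching rule decides.
    Returns (action, index of the deciding rule), or ("drop", None) for the
    implicit default drop when no rule matches."""
    for idx, rule in enumerate(acl):
        if rule.matches(pkt):
            return rule.action, idx
    return "drop", None


WEB, DNS, FILES = "10.10.10.8", "10.10.10.16", "10.10.10.32"
OUTSIDER = "203.0.113.5"          # constructed external address
BANNED = ("7.7.7.7", "8.8.8.8")

# The page's starting ACL: a single rule that forwards everything.
INITIAL_ACL = [Rule("forward")]

# An ACL that meets the scenario: blacklist first, then only the two public
# services. The file server is never permitted, so the default drop covers it.
SCENARIO_ACL = [
    Rule("drop", src="7.7.7.7"),
    Rule("drop", src="8.8.8.8"),
    Rule("forward", dst=WEB, proto="tcp", dport=80),
    Rule("forward", dst=DNS, proto="udp", dport=53),
    Rule("forward", dst=DNS, proto="tcp", dport=53),  # DNS uses TCP for large answers
]

# The same five rules, with the web-server permit moved above the blacklist.
MISORDERED_ACL = SCENARIO_ACL[2:3] + SCENARIO_ACL[0:2] + SCENARIO_ACL[3:]


def check_requirements(acl: List[Rule]) -> Dict[str, bool]:
    """Probe each scenario requirement with constructed packets and report
    which requirements the ACL satisfies."""
    def fwd(pkt: Packet) -> bool:
        return evaluate(acl, pkt)[0] == "forward"

    targets = ((WEB, "tcp", 80), (DNS, "udp", 53), (FILES, "tcp", 445))
    return {
        "web reachable by anyone": fwd(Packet(OUTSIDER, WEB, "tcp", 80)),
        "dns reachable by anyone": fwd(Packet(OUTSIDER, DNS, "udp", 53)),
        "file server blocked": not fwd(Packet(OUTSIDER, FILES, "tcp", 445)),
        "banned hosts blocked everywhere": not any(
            fwd(Packet(ip, dst, proto, port))
            for ip in BANNED for dst, proto, port in targets),
    }


if __name__ == "__main__":
    for name, acl in (("initial", INITIAL_ACL), ("scenario", SCENARIO_ACL),
                      ("misordered", MISORDERED_ACL)):
        print(name, check_requirements(acl))
```

Running it shows the allow-all starting ACL failing the file-server and blacklist requirements, the scenario ACL passing all four, and the misordered ACL letting 7.7.7.7 reach the web server because the forwarding rule at index 0 matches before the drop rule is ever consulted. This is the practical meaning of "overrides any other rule" in the scenario: a blacklist entry only overrides rules that come after it.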