Interactive Firewall Exercise

We are assuming a generic ACL language for this exercise. Our ACL will only be capable of filtering IP addresses and TCP or UDP port numbers. ACL rules will look like what you see in the image to the right. Remember: Firewalls evaluate each rule in an ACL in order from top to bottom. Once a packet meets the criteria of a rule, the prescribed action is taken (forward or drop) and the remaining rules in the list are ignored. If the packet does not meet the criteria of any rule, then the packet is dropped by default. The next packet received is scanned and evaluated against the ACL starting over with the first rule in the list. This process repeats for each packet received by the firewall.

Scenario: You are a network administrator responsible for an HTTP server at 10.10.10.8, a DNS server at 10.10.10.16, and a SMB file server at 10.10.10.32 and you are tasked with designing an ACL for your organization's firewall for inbound Internet traffic. Your ACL must enforce the following criteria:

Below is your ACL. Initially it just has a rule that forwards everything (how secure is this??). You can add rules, remove rules and move rules with the controls below. Build an ACL that meets your network's requirements, and test with the "Test Firewall" button. Note: Please review the Service/Protocol/Port Table to remind yourself of the port numbers and protocols associated with the services you are providing.

Note: The last rule must match all packets so that every packet is matched by at least one rule. Therefore forward/drop is the only thing you can choose.