Tower Networking Inc.

Firewalls - Basics and Traffic Types
By Mr-Octo_Squid
A basic guide explaining the usage of firewalls.
Introduction
Firewalls in Tower Networking Inc are very simple devices. They operate on a set of rules to sift through traffic and do with it whatever you see fit. There is no concept of WAN/LAN on these devices, so the direction of each rule has to be considered.
Meet the Firewalls
Firewatch ES4A
Firewatch CP4E
Bastion E5
Network Tap
Network Taps and you
A network tap is a relatively cheap device that lets you view the traffic going down a wire. This gives you an idea of what traffic is passing through a specific segment of your network.

There is no need to purchase an ETHTapper and a Firewall for the same segment: all Firewalls have Taps built in.

Taps are used via the PCAP command:

Sample view of PCAP:


Filtered PCAP:
Management traffic is quite noisy, so filtering it out makes it much easier to see what you are actually looking for. See the table of traffic types below.
Setting up a Basic Filter
Default Configuration.
Out of the box, Elevator firewalls are incredibly permissive. They allow all traffic with no restrictions and are basically a Tap unless you specify otherwise.

With no other rules configured, the default policy is allow.

Firewall Command.


Setting up a filter.
By default a firewall is not much help. If you allow all traffic by default, you will need a lot of rules to stop the traffic you don't want from passing. Since traffic that is evaluated and dropped does not consume the firewall's network bandwidth, it could be argued that blocking by default is better.
As with most things, this is situational. Take care when setting up rules: it is very possible to lock yourself out of a firewall. This is where the Datawiper USB comes in, as it will factory reset your firewall.

If you are blocking all traffic by default, you will need to explicitly allow only the traffic you want.
If the firewall sits in front of your DNS server, you will need to allow DNS requests, or the servers behind it will not be reachable.

See the section below on allowing management traffic before switching to Default Deny, so that you do not block yourself out.
Who left management open!?
Network port tcp/23 is very important: it gives you access to manage your firewall.
I recommend, as a first step, adding a rule that allows your debug device to reach the firewall.

tcp/23 can also be used by malicious users to poke at your hardware. Hacker activity is still being researched and is ever evolving.

Whitelist your debugger:
(This assumes your debugger is named @debugger and your firewall is named @firewall. Modify accordingly.)

firewall allow tcp/23 to @firewall from @debugger on @firewall

Deny by default:

firewall default deny on @firewall

If you lose access, use the reset USB. You messed up somewhere.
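The procedure above (whitelist the debugger, then switch to default deny, then allow what you still need, such as the DNS traffic mentioned earlier) as a small model written for this guide edit; it is not the game's own code. It parses the guide's own command syntax and evaluates constructed flows; the host names @client and @dns, first-match rule ordering and exact-name matching are assumptions of the model.

```python
import re
from dataclasses import dataclass, field

# Command syntax taken from the guide's own examples.
RULE_RE = re.compile(r"firewall (allow|deny) (\S+) to (@\S+) from (@\S+) on (@\S+)")
DEFAULT_RE = re.compile(r"firewall default (allow|deny) on (@\S+)")


@dataclass
class Firewall:
    """Toy model of one firewall's rule set (constructed; not the game's engine)."""
    name: str
    default: str = "allow"  # out of the box everything passes, as the guide says
    # (action, traffic, dst, src); first matching rule wins (an assumption of this model)
    rules: list = field(default_factory=list)

    def apply(self, command: str) -> None:
        """Parse one 'firewall ...' command and update this firewall if it is addressed to it."""
        command = command.strip()
        if m := DEFAULT_RE.fullmatch(command):
            action, fw = m.groups()
            if fw == self.name:
                self.default = action
        elif m := RULE_RE.fullmatch(command):
            action, traffic, dst, src, fw = m.groups()
            if fw == self.name:
                self.rules.append((action, traffic, dst, src))
        else:
            raise ValueError(f"unrecognised command: {command!r}")

    def decide(self, traffic: str, src: str, dst: str) -> str:
        """Return 'allow' or 'deny' for one flow. Matching is directional: src and dst both matter."""
        for action, t, d, s in self.rules:
            if (t, d, s) == (traffic, dst, src):
                return action
        return self.default


def lockout_demo() -> dict:
    """Replay the guide's procedure and show why the whitelist must come before default deny."""
    fw = Firewall("@firewall")
    out = {"fresh": fw.decide("tcp/23", "@debugger", "@firewall")}            # allow
    fw.apply("firewall default deny on @firewall")                             # deny first: locked out
    out["deny_no_whitelist"] = fw.decide("tcp/23", "@debugger", "@firewall")  # deny
    fw.apply("firewall allow tcp/23 to @firewall from @debugger on @firewall")
    out["deny_with_whitelist"] = fw.decide("tcp/23", "@debugger", "@firewall")  # allow
    out["reverse_direction"] = fw.decide("tcp/23", "@firewall", "@debugger")    # deny: rules are directional
    out["dns_unlisted"] = fw.decide("udp/53", "@client", "@dns")              # deny: DNS needs its own rule
    fw.apply("firewall allow udp/53 to @dns from @client on @firewall")         # @client/@dns are hypothetical
    out["dns_allowed"] = fw.decide("udp/53", "@client", "@dns")               # allow
    return out
```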
Types of Standard Network Traffic

Type       Name      Used by
icmp       icmp      Default type for ping routine
tcp/23     SSH       All Debugger/netsh commands
udp/53     DNS       reply-dns-queries; required for any Consumer activity.
udp/67     DHCP      reply-dhcp-request; any Client/Device with DHCP enabled.
udp/520    RIP       Routine route advertisement.
udp/5060   SIP       VOIP phones, and stream-voice Consumers.
tcp/3306   Database  Store-text requests, for example from the dns-server program
tcp/5432   Database  Any store-* requests, whether from Consumers or Servers
tcp/554    RTSP      CCTV cameras, CCTV monitors, and stream-live-video Consumers.
tcp/8333   Decentro  All P2P/Decentro activities

(Credit to Thorinbur for List.)
Types of Malicious Network Traffic

Type                  Name               Used by
tcp/510 to tcp/519    Worm Transmission  Malicious!
tcp/8000 to tcp/8099  Text Scraping      Malicious!

(Credit to Thorinbur for List.)
Software Firewalls
After unlocking SFTP, it's possible to view and copy the software on firewalls to servers and other devices. This allows you to run firewall rule processing directly on a server instead of relying on a dedicated firewall to do so.

This feature is newer and is still being developed. Once more is known, I will work on a guide explaining how to use firewall firmware on non-firewall hardware.
4 Comments
KZ_RAD 23 Oct @ 4:02am 
don't forget you can copy the firewall settings from one firewall to another with this
sftp cp /etc/nftables.conf from @firewall to @firewall2
(this also works with routers but you need other file from it)
Andrizza 24 Sep @ 1:14am 
tcp/23 is telnet not ssh = )
nobodx 28 Aug @ 12:42pm 
you need SFTP & Jailbreak for software-firewalls
SFTP allows you to copy / delete files from one device to another (or make backups I think)

jailbreak allows you to copy the executables from network-components like the firewall-software from the hardware-ones to other devices and start them as programs

you can also copy the config-files, and transfer the settings from one device to another
Saali 24 Aug @ 12:39pm 
Thank you for the guide :)

Can you please add tcp/80 and tcp/443 to your list?

These are used for authenticated-access, software-updates and vpn as afaik