Firewall

A firewall protects the StudNet against attacks from the internet. The firewall configuration is not very restrictive. The firewall protects against many simple attacks, but not against all of them. The firewall does not protect against attacks from other residents.

We distinguish between normal users (dynamic IP) and users with a static IP. A static IP must be requested from the network tutor. Users who use the internet normally (most of the residents) are very well protected. Users with a static IP are also protected, but they are easier to attack because more ports are open.

For outgoing connections, all ports are open, with the exception of the filter rules listed below.

For dynamic IPs, the following ports are open for incoming connections:

  • FTP (Port 20/21 UDP/TCP)
  • SSH (Port 22 TCP)
  • HTTP (Port 80 TCP)
  • IDENT (Port 113 TCP)
  • HTTPS (Port 443 TCP)
  • IPSec (Port 500 UDP, IP protocols 50, 51)
  • Ports 50000-50010 TCP
  • Ports 50000-50010 UDP


For static IPs (login zxxxxx-ipy), the firewall filters all incoming connections to TCP/UDP ports below 1024 (stateful inspection). However, the following services are explicitly allowed for incoming connections:

  • FTP (Port 20/21 UDP/TCP)
  • SSH (Port 22 TCP)
  • SMTP (Port 25 TCP)
  • HTTP (Port 80 TCP)
  • IDENT (Port 113 TCP)
  • HTTPS (Port 443 TCP)
  • IPSec (Port 500 UDP, IP protocols 50, 51)
  • TCP Ports 1024-65535
  • UDP Ports 1024-65535
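
A resident can use the two port lists above to check which of their own listening services the firewall lets in from the internet. The following Python sketch is an added example, not part of the original page or any StudNet tooling: it reads `ss -tuln` output and reports the non-loopback listeners that fall into an open port range. The names `POLICY`, `reachable`, `parse_listeners` and `exposed` are hypothetical, the sample output is constructed, and it assumes the same lists apply to every non-loopback address.

```python
import re

# Incoming ports the page lists as open, as (protocol, low, high).
COMMON = [("tcp", 20, 21), ("udp", 20, 21), ("tcp", 22, 22), ("tcp", 80, 80),
          ("tcp", 113, 113), ("tcp", 443, 443), ("udp", 500, 500)]
POLICY = {
    "dynamic": COMMON + [("tcp", 50000, 50010), ("udp", 50000, 50010)],
    "static": COMMON + [("tcp", 25, 25), ("tcp", 1024, 65535),
                        ("udp", 1024, 65535)],
}
# Loopback-only listeners are never reachable from outside the host.
LOOPBACK = re.compile(r"^(127\.|\[?::1\]?$)")

def reachable(profile, proto, port):
    """True if the firewall passes incoming proto/port for this profile."""
    return any(p == proto and lo <= port <= hi
               for p, lo, hi in POLICY[profile])

def parse_listeners(ss_output):
    """Yield (proto, address, port) for each socket in `ss -tuln` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header line or unrelated socket type
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            yield fields[0], addr, int(port)

def exposed(ss_output, profile):
    """Non-loopback listeners on ports the firewall lets in from the internet."""
    return sorted({(proto, port)
                   for proto, addr, port in parse_listeners(ss_output)
                   if not LOOPBACK.match(addr)
                   and reachable(profile, proto, port)})

# Constructed sample of `ss -tuln` output (not taken from a real host).
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:5353       0.0.0.0:*
tcp   LISTEN 0      80     0.0.0.0:3306       0.0.0.0:*
tcp   LISTEN 0      511    [::]:80            [::]:*
tcp   LISTEN 0      128    0.0.0.0:445        0.0.0.0:*
"""

if __name__ == "__main__":
    for profile in POLICY:
        print(profile, exposed(SAMPLE, profile))
```

Listeners missing from the result are still reachable by other residents, because the firewall does not filter that traffic.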