Firewall

A firewall protects the StudNet against attacks from the Internet. The configuration of the firewall is not very restrictive. The firewall protects against many simple attacks but not against all. The firewall does not protect against attacks from other residents.

We distinguish between normal users (dynamic IP) and users with a static IP. A static IP must be requested from the network tutor. Users who use the Internet normally (most of the residents) are very well protected. Users with a static IP are also protected, but they are easier to attack because more ports are open.

For outgoing connections, all ports are open, with the exception of the filter rules listed below.

For dynamic IPs the following ports are open for incoming connections:

  • FTP (Port 20/21 UDP/TCP)
  • SSH (Port 22 TCP)
  • HTTP (Port 80 TCP)
  • IDENT (Port 113 TCP)
  • HTTPS (Port 443 TCP)
  • IPSec (Port 500 UDP, IP protocols 50, 51)
  • Ports 50000-50010 TCP
  • Ports 50000-50010 UDP

For static IPs (login zxxxxx-ipy), the firewall filters all TCP/UDP ports below 1024 for incoming connections (stateful inspection). However, the following services are explicitly allowed for incoming connections:

  • FTP (Port 20/21 UDP/TCP)
  • SSH (Port 22 TCP)
  • SMTP (Port 25 TCP)
  • HTTP (Port 80 TCP)
  • IDENT (Port 113 TCP)
  • HTTPS (Port 443 TCP)
  • IPSec (Port 500 UDP, IP protocols 50, 51)
  • TCP Ports 1024-65535
  • UDP Ports 1024-65535
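
The two port lists above can be used to check which services listening on your own machine are reachable from the Internet. The following is an added example, not part of the original StudNet documentation: it applies the lists to a constructed sample of `ss -tuln` output, and the names POLICY, SAMPLE_SS and the three functions are assumptions made for illustration.

```python
# Added example: inbound policy transcribed from the port lists on this page.
# IPSec protocols 50/51 have no port numbers and are not modelled here.
POLICY = {
    "dynamic": {
        "tcp": [(20, 21), (22, 22), (80, 80), (113, 113), (443, 443), (50000, 50010)],
        "udp": [(20, 21), (500, 500), (50000, 50010)],
    },
    "static": {
        "tcp": [(20, 21), (22, 22), (25, 25), (80, 80), (113, 113), (443, 443), (1024, 65535)],
        "udp": [(20, 21), (500, 500), (1024, 65535)],
    },
}

# Constructed sample of `ss -tuln` output (not taken from a real host).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
tcp   LISTEN 0      50     0.0.0.0:445        0.0.0.0:*
tcp   LISTEN 0      128    [::]:8080          [::]:*
udp   UNCONN 0      0      0.0.0.0:5353       0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:50005      0.0.0.0:*
"""

def inbound_allowed(profile, proto, port):
    """True if the firewall passes a new Internet connection to proto/port."""
    return any(lo <= port <= hi for lo, hi in POLICY[profile][proto])

def listening_sockets(ss_output):
    """Yield (proto, port) for every socket not bound to loopback."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        addr, _, port = fields[4].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        if addr.startswith("127.") or addr == "::1" or not port.isdigit():
            continue  # loopback-only sockets are unreachable from the network
        yield fields[0], int(port)

def internet_exposed(ss_output, profile):
    """Sorted (proto, port) pairs reachable from the Internet under profile."""
    return sorted({s for s in listening_sockets(ss_output) if inbound_allowed(profile, *s)})

if __name__ == "__main__":
    for profile in POLICY:
        print(profile, internet_exposed(SAMPLE_SS, profile))
```

Sockets that are not reported here (such as TCP 445 in the sample) are still reachable by other residents, because the firewall only filters traffic coming from the Internet.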