Firewall

A firewall protects the StudNet against attacks from the Internet. The configuration of the firewall is not very restrictive. The firewall protects against many simple attacks from outside, but not against all of them. In particular, it does not protect against attacks from other residents targeting your own computer!

We distinguish between normal users (with a dynamic IP) and users with a static IP. A static IP must be requested from the network tutor. Users who connect to the Internet with a dynamic IP (most of the residents) are very well protected. Users with a static IP are also protected, but they are easier to attack because more ports are open.

For outgoing connections, all ports are open, with the exception of the filter rules listed below.

For dynamic IPs the following ports are open for incoming connections:

  • FTP (port 20/21 UDP/TCP)
  • SSH (port 22 TCP)
  • HTTP (port 80 TCP)
  • IDENT (port 113 TCP)
  • HTTPS (port 443 TCP)
  • IPSec (port 500 UDP, IP protocols 50, 51)
  • ports 50000-50010 TCP
  • ports 50000-50010 UDP

For static IPs (login zxxxxx-ip1), the firewall filters all incoming connections to TCP/UDP ports lower than 1024 (stateful inspection). However, the following services are explicitly allowed for incoming connections:

  • FTP (port 20/21 UDP/TCP)
  • SSH (port 22 TCP)
  • SMTP (port 25 TCP)
  • HTTP (port 80 TCP)
  • IDENT (port 113 TCP)
  • HTTPS (port 443 TCP)
  • IPSec (port 500 UDP, IP protocols 50, 51)
  • TCP ports 1024-65535
  • UDP ports 1024-65535
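
To check which services on your own machine the firewall lets in from the Internet, the two lists above can be applied to the output of `ss -tuln` on Linux. This is an added example, not StudNet code: the function names are hypothetical, the sample output is constructed, and the IPSec IP protocols 50 and 51 are left out because they have no port numbers.

```python
import ipaddress

# Inbound rules transcribed from the two lists above: (single ports, port ranges).
POLICY = {
    "dynamic": {"tcp": ({20, 21, 22, 80, 113, 443}, [(50000, 50010)]),
                "udp": ({20, 21, 500}, [(50000, 50010)])},
    "static": {"tcp": ({20, 21, 22, 25, 80, 113, 443}, [(1024, 65535)]),
               "udp": ({20, 21, 500}, [(1024, 65535)])},
}

def allowed_inbound(kind, proto, port):
    """True if the firewall passes an incoming connection to proto/port."""
    ports, ranges = POLICY[kind][proto]
    return port in ports or any(lo <= port <= hi for lo, hi in ranges)

def exposed_listeners(ss_output, kind):
    """Sorted (proto, port) pairs that listen on a non-loopback address
    and that the firewall lets in for the given IP kind."""
    found = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header line or another socket type
        addr, _, port = fields[4].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        if addr not in ("*", "") and ipaddress.ip_address(addr).is_loopback:
            continue  # bound to localhost only, unreachable from outside
        if allowed_inbound(kind, fields[0], int(port)):
            found.add((fields[0], int(port)))
    return sorted(found)

# Constructed sample in the column layout printed by `ss -tuln`.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:8080       0.0.0.0:*
tcp   LISTEN 0      4096   [::]:445           [::]:*
udp   UNCONN 0      0      0.0.0.0:5353       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:50005      0.0.0.0:*
"""

if __name__ == "__main__":
    for kind in ("dynamic", "static"):
        print(kind, exposed_listeners(SAMPLE_SS, kind))
```

The result covers exposure to the Internet only; every non-loopback listener stays reachable from other residents, so those services still need a host firewall or a localhost-only binding.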