I'm trying to set up a server listening on the intranet on 80 that can't connect to the internet (inbound or outbound). I've got the outbound part covered by editing the routing table, but I'm not sure this will prevent the server from receiving packets if an attacker knows my router's IP address. Instead of a firewall, I would like a lower-level solution to the inbound problem.
1 Answer
Without a firewall or changes to the routing table on the router you can't prevent the packets from being delivered. That said, the TCP handshake won't complete, so you are pretty safe.
Depending on your web server, you could also prevent it from communicating with IP addresses it doesn't know - can't advise how to do this unless we know the HTTP server. This also acts after the machine has received the packet, so it's less secure than using a firewall.
That said, I put to you that doing things this way is a mistake. It makes life more complicated for anyone else who might have to work on the system in the future (and makes OS updates and security patching a nightmare) - using a firewall local to the server is a standard, tried-and-true approach.
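As an added illustration of the application-level option the answer mentions (this is example code, not from the original post or from any particular web server), here is a minimal Python HTTP server that refuses connections whose source address is outside a constructed intranet allow-list; the RFC 1918 ranges in ALLOWED_NETWORKS and the IntranetOnlyServer name are my assumptions.

```python
import ipaddress
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed allow-list (assumption): the private ranges this server should answer.
ALLOWED_NETWORKS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def is_allowed_source(addr: str) -> bool:
    """Return True only if addr lies inside one of the intranet ranges.

    Unparseable strings and addresses from any other range are rejected.
    IPv4-mapped IPv6 addresses (::ffff:a.b.c.d), which a dual-stack socket
    reports for IPv4 peers, are unwrapped before the check.
    """
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # Membership across IP versions is False, so a plain IPv6 peer is rejected.
    return any(ip in net for net in ALLOWED_NETWORKS)


class IntranetOnlyServer(HTTPServer):
    # verify_request runs only after the kernel has completed the TCP handshake
    # and accept() has returned: the packets were already received, which is
    # exactly why the answer calls this weaker than a host firewall.
    def verify_request(self, request, client_address):
        return is_allowed_source(client_address[0])


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        body = b"intranet only\n"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    # Port 80 as in the question; binding it normally needs elevated privileges.
    IntranetOnlyServer(("0.0.0.0", 80), Handler).serve_forever()
```

Rejected clients still get a completed handshake followed by an immediate close, so this filters requests, not packets.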