# Firewall Rule Base Best Practices

{{< snippet "old" >}}

This is the companion page for my Firewall Rule Base Best Practices
document.  I have listed all the resources I would otherwise have put at
the bottom of the document.  In this way, I hope to keep them current,
and to add new material when I find it without having to revise the
original document.  If I have written it correctly, it should need
little revision as time passes and technology changes.  We'll see.

## Update 2003-01-27

When I started this document in the late 1990s, I was an InfoSec
consultant working with firewalls on a day-to-day basis. That is not my
day job anymore, and I have not found a great deal of time to devote to it. In
addition I have since moved on, and I do not work with firewalls much in
my current role.

I have been surprised at the number of requests that I get for this
draft, and I apologize to all those who I've kept waiting through my lack
of time. Thus, I am making this draft directly available on the Internet
in the hope that it will be useful. I disclaim any and all liability; use
it at your own risk.

If you would like to take over the maintenance of this document, let me
know at {{< snippet "contact" >}}.

-----

## Best Practices

  - *[Firewall Rule Base Best Practices.doc](/public/Firewall_Rule_Base_Best_Practices.doc)*
    (last updated 2003-12-31)
  - *[12 Tips on Building Firewalls](http://security.oreilly.com/news/firewalls_0700.html)* by
    D. Brent Chapman, Elizabeth D. Zwicky, Simon Cooper 07/01/2000

-----

## Resources

See also my {{< xref "/infosec/sec-tools" >}} page.

  - *[ACK Tunnel through a Firewall](http://www.ntsecurity.nu/toolbox/ackcmd/)*
  - *[Internet Firewalls FAQ](http://www.interhack.net/pubs/fwfaq/)*
  - *[Commercial Firewalls](http://www.thegild.com/firewall/)*
  - *[Internet Firewall Essentials](http://www.networkcomputing.com/netdesign/wall1.html)*
  - *[CSI Firewall Archives](http://www.spirit.com/CSI/archives.html)*
  - [Security Related Port List](http://www.tla.ch/TLA/FW/FW1FAQ.html#Port%20probing)
      - See also: [Port Databases](sec-tools.html#port-databases)

{{< snippet "old" >}}
