I wonder if someone could post their packet filter rules for a simple home network with a DMZ. Mine are as follows: I'm not sure they're sound because I'm not certain what the default behaviors are.
Source     Service     Action   Destination
DMZ        Any         Drop     Internal
Internal   Any         Pass     Any
DMZ        Any         Pass     Any
Any        NWN         Pass     NWN_Server_DMZ
Any        Teamspeak   Pass     Teamspeak_Server_DMZ
DMZ=my DMZ network
Internal=my internal (protected) LAN
I have masquerade rules set up to masq both the Internal net and DMZ out on my external PPPoE interface.
Critiques and comments are welcome :)
-blindsquirrel
Edit: this is what I wish to accomplish:
1. A stealth firewall as far as passing port scanners are concerned (except NWN and Teamspeak)
2. A completely protected internal LAN
3. A completely protected DMZ, except for Teamspeak and NWN services
4. Traffic dropped from DMZ to internal, unless the internal side initiated the communication.
I have appropriate masq rules set up to masq both the internal and DMZ as the external PPPoE interface, and to pass NWN and Teamspeak traffic to my DMZ boxes. My version of ASL is 5.018.
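As an added illustration (not part of the original post, and not ASL's own code), the following Python script models the ruleset above as a first-match packet filter and checks it against the four stated goals with constructed sample traffic. Everything concrete in it is an assumption: the private address ranges for Internal and DMZ, the server addresses, the NWN and Teamspeak ports (UDP 5121 and UDP 8767, the usual defaults for those services), first-match rule evaluation, and an implicit default-deny at the end of the list. The `stateful` switch shows why goal 4 (replies from the DMZ to internally initiated sessions) depends on connection tracking rather than on the address/service rules alone: with tracking on, the DMZ reply to an Internal-initiated session passes; with tracking off, the first rule drops it.

```python
from dataclasses import dataclass
import ipaddress

# Constructed sample topology (assumption: the post gives no addresses).
NETS = {
    "Internal": ipaddress.ip_network("192.168.1.0/24"),
    "DMZ": ipaddress.ip_network("192.168.2.0/24"),
    "Any": ipaddress.ip_network("0.0.0.0/0"),
}
HOSTS = {
    "NWN_Server_DMZ": ipaddress.ip_address("192.168.2.10"),
    "Teamspeak_Server_DMZ": ipaddress.ip_address("192.168.2.11"),
}
# Service definitions as (protocol, destination port); assumed default ports.
SERVICES = {
    "Any": None,
    "NWN": ("udp", 5121),
    "Teamspeak": ("udp", 8767),
}
# The post's rules, in the order listed: (source, service, action, destination).
RULES = [
    ("DMZ", "Any", "drop", "Internal"),
    ("Internal", "Any", "pass", "Any"),
    ("DMZ", "Any", "pass", "Any"),
    ("Any", "NWN", "pass", "NWN_Server_DMZ"),
    ("Any", "Teamspeak", "pass", "Teamspeak_Server_DMZ"),
]


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str
    sport: int
    dport: int


def matches_addr(name, addr):
    """A named object is either a single host or a network."""
    if name in HOSTS:
        return addr == HOSTS[name]
    return addr in NETS[name]


def matches_service(name, pkt):
    svc = SERVICES[name]
    return svc is None or (pkt.proto, pkt.dport) == svc


class Filter:
    """First-match filter with optional connection tracking and default deny (assumed)."""

    def __init__(self, rules, stateful=True):
        self.rules = rules
        self.stateful = stateful
        self.conns = set()  # 5-tuples of sessions that a pass rule admitted

    def evaluate(self, pkt):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        # Packets belonging to an admitted session pass without consulting the rules.
        if self.stateful and (key in self.conns or reverse in self.conns):
            return "pass"
        for src, svc, action, dst in self.rules:
            if (matches_addr(src, pkt.src) and matches_service(svc, pkt)
                    and matches_addr(dst, pkt.dst)):
                if action == "pass" and self.stateful:
                    self.conns.add(key)
                return action
        return "drop"  # implicit default deny (assumption)


def run_scenarios(stateful=True):
    """Evaluate constructed traffic against the post's goals; returns name -> verdict."""
    fw = Filter(RULES, stateful)
    internal = ipaddress.ip_address("192.168.1.20")
    dmz_box = ipaddress.ip_address("192.168.2.50")
    outside = ipaddress.ip_address("203.0.113.5")
    nwn = HOSTS["NWN_Server_DMZ"]
    return {
        # Internal host opens a session to a DMZ box (goal 4: internal initiates).
        "internal_to_dmz": fw.evaluate(Packet(internal, dmz_box, "tcp", 40000, 22)),
        # The DMZ box's reply on that same session.
        "dmz_reply": fw.evaluate(Packet(dmz_box, internal, "tcp", 22, 40000)),
        # DMZ box opens a fresh connection into the LAN (goal 4: must be dropped).
        "dmz_new_to_internal": fw.evaluate(Packet(dmz_box, internal, "tcp", 50000, 445)),
        # Outside probe of the LAN (goal 2).
        "outside_to_internal": fw.evaluate(Packet(outside, internal, "tcp", 1234, 80)),
        # Outside NWN client reaching the published server (goals 1 and 3 exception).
        "outside_nwn": fw.evaluate(Packet(outside, nwn, "udp", 1234, 5121)),
        # Outside probe of a non-published port on the same DMZ server (goal 3).
        "outside_dmz_other": fw.evaluate(Packet(outside, nwn, "tcp", 1234, 22)),
    }


if __name__ == "__main__":
    for mode in (True, False):
        print("stateful" if mode else "stateless", run_scenarios(mode))
```

Running it prints the verdict for each scenario in both modes; the only verdict that changes between them is `dmz_reply`, which is exactly the case goal 4 describes. Because the rules are evaluated first-match, the `DMZ -> Internal drop` entry also has to stay above `DMZ -> Any pass`, or the broader pass rule would admit new DMZ-to-LAN connections.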