On 11/2/05, Darrell Whitfield <dwhitf at gmail dot com> wrote:
> Hello everyone!
>
> Please take a look at these rules I just saw on the list and I thought they
> would meet the needs of my new m0n0wall install.
> I want a stealth firewall, I want the Lan to go anywhere but not be contacted
> unless the Lan establishes it first. I want the Dmz to be wide open but not
> access the Lan.
>

I wouldn't leave the DMZ wide open, no matter what is running on it. That's bad practice.

>
> WAN (not checked)
> block | * | * | * | ! DMZ net | * | block all outside (access except)
>

I'd change this to only permit the specific traffic you require inbound, and not put in any block rules at all (default is block).

> LAN
> pass | * | LAN net | * | * | * | Default LAN -> any
>
> Dmz (not checked)
> pass | * | Dmz net | * | ! Lan net | * | Default OPT1-> any (except Lan)
>

rest looks fine.

-Chris
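The following is an added example, not part of the original thread and not m0n0wall code: a simplified model of the rule tables above that treats each interface's list as first-match with a default block, so the posted WAN rule can be compared with a specific pass rule of the kind the reply suggests. The subnets, the outside addresses, the port 80 rule and the helper names `matches` and `decide` are assumptions made for illustration; state tracking of reply traffic is not modelled.

```python
import ipaddress

# Constructed addressing (assumption, not taken from the thread).
NETS = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "DMZ": ipaddress.ip_network("192.168.2.0/24"),
}

def matches(spec, addr):
    """spec is '*', 'X net' or '! X net', as written in the posted tables."""
    if spec == "*":
        return True
    negate = spec.startswith("!")
    name = spec.lstrip("! ").split()[0].upper()   # 'Dmz net' -> 'DMZ'
    inside = ipaddress.ip_address(addr) in NETS[name]
    return inside != negate

def decide(rules, src, dst, dport):
    """Rules are checked in order on the interface where the packet arrives.
    The first match decides; anything unmatched hits the default block."""
    for action, r_src, r_dst, r_dport in rules:
        if matches(r_src, src) and matches(r_dst, dst) and r_dport in ("*", dport):
            return action
    return "block"

# Rules as posted: (action, source, destination, destination port).
WAN_POSTED = [("block", "*", "! DMZ net", "*")]
LAN_POSTED = [("pass", "LAN net", "*", "*")]
DMZ_POSTED = [("pass", "Dmz net", "! Lan net", "*")]

# The reply's approach for WAN: no block rules, only the specific inbound
# traffic that is required. TCP port 80 to the DMZ is a constructed example.
WAN_SUGGESTED = [("pass", "*", "DMZ net", 80)]

if __name__ == "__main__":
    outside, lan_host, dmz_host = "203.0.113.5", "192.168.1.10", "192.168.2.10"
    checks = [
        ("WAN posted,    outside -> DMZ:80", WAN_POSTED, outside, dmz_host, 80),
        ("WAN suggested, outside -> DMZ:80", WAN_SUGGESTED, outside, dmz_host, 80),
        ("WAN suggested, outside -> DMZ:22", WAN_SUGGESTED, outside, dmz_host, 22),
        ("LAN posted,    LAN -> outside:443", LAN_POSTED, lan_host, outside, 443),
        ("DMZ posted,    DMZ -> LAN:445", DMZ_POSTED, dmz_host, lan_host, 445),
        ("DMZ posted,    DMZ -> outside:443", DMZ_POSTED, dmz_host, outside, 443),
    ]
    for label, rules, src, dst, port in checks:
        print(f"{label:36} {decide(rules, src, dst, port)}")
```

In this model the posted WAN block rule changes nothing: traffic to the DMZ does not match it and still falls through to the default block, which is why an explicit pass rule for each required service is the part that matters.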