On 11/2/05, Darrell Whitfield <dwhitf at gmail dot com> wrote:
> Hello everyone!
> Please take a look at these rules I just saw on the list and I thought they
> would meet the needs of my new m0n0wall install.
> I want a stealth firewall, I want the LAN to go anywhere but not be
> contacted unless the LAN establishes it first. I want the DMZ to be wide
> open but not access the LAN.
I wouldn't leave the DMZ wide open, no matter what is running on it.
That's bad practice.
> WAN (not checked)
> block | * | * | * | ! DMZ net | * | block all outside (access except)
I'd change this to only permit the specific traffic you require
inbound, and not put in any block rules at all (default is block).
> pass | * | LAN net | * | * | * | Default LAN -> any
> DMZ (not checked)
> pass | * | DMZ net | * | ! LAN net | * | Default OPT1 -> any (except LAN)
The rest looks fine.
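The policy the reply recommends (no explicit block rules, only the inbound services you actually need, LAN to anywhere, DMZ to anywhere except the LAN) can be checked against a small first-match rule evaluator. This is an added example written for this page, not code from the m0n0wall project or from either poster; the address plan (192.168.1.0/24 for the LAN, 192.168.2.0/24 for the DMZ, a web server at 192.168.2.10), the rule fields and the function names are all assumptions made here for illustration. The implicit default block after the last rule is the behaviour the reply describes.

```python
"""Added example (not from the m0n0wall list thread): a minimal first-match
rule evaluator modelling m0n0wall-style per-interface rules with an implicit
default block, used to check the LAN/DMZ/WAN policy discussed in the reply."""
import ipaddress
from dataclasses import dataclass

# Hypothetical address plan, assumed for this example only.
NETS = {
    "LAN net": ipaddress.ip_network("192.168.1.0/24"),
    "DMZ net": ipaddress.ip_network("192.168.2.0/24"),
    "DMZ web": ipaddress.ip_network("192.168.2.10/32"),  # assumed web server
}


@dataclass
class Rule:
    iface: str    # interface the packet enters on: "WAN", "LAN" or "DMZ"
    action: str   # "pass" or "block"
    proto: str    # "tcp", "udp", "icmp" or "*" for any
    src: str      # net name, "!"-negated net name, or "*"
    dst: str      # same as src
    dport: str    # destination port number or "*"
    note: str = ""


def _match_addr(spec: str, ip: str) -> bool:
    """Match an address against a net name, with a leading '!' meaning 'not'."""
    if spec == "*":
        return True
    negate = spec.startswith("!")
    name = spec.lstrip("! ")
    hit = ipaddress.ip_address(ip) in NETS[name]
    return not hit if negate else hit


def evaluate(rules, iface, proto, src, dst, dport):
    """Return (action, note) of the first rule on iface that matches the packet.
    No match means the implicit default block, as on m0n0wall."""
    for r in rules:
        if r.iface != iface:
            continue
        if r.proto != "*" and r.proto != proto:
            continue
        if not _match_addr(r.src, src) or not _match_addr(r.dst, dst):
            continue
        if r.dport != "*" and int(r.dport) != dport:
            continue
        return r.action, r.note
    return "block", "implicit default block"


# Ruleset following the reply's advice: nothing but the required inbound
# services on WAN (assumed: HTTP/HTTPS to the DMZ web server), no explicit
# block rules, LAN to anywhere, DMZ to anywhere except the LAN.
RULES = [
    Rule("WAN", "pass", "tcp", "*", "DMZ web", "80", "inbound HTTP to DMZ web"),
    Rule("WAN", "pass", "tcp", "*", "DMZ web", "443", "inbound HTTPS to DMZ web"),
    Rule("LAN", "pass", "*", "LAN net", "*", "*", "Default LAN -> any"),
    Rule("DMZ", "pass", "*", "DMZ net", "! LAN net", "*", "DMZ -> any except LAN"),
]

# The "wide open" DMZ the original poster asked for, kept only for contrast:
# every port on every DMZ host becomes reachable from the WAN.
WIDE_OPEN_RULES = [Rule("WAN", "pass", "*", "*", "DMZ net", "*", "DMZ wide open")] + RULES[2:]


if __name__ == "__main__":
    # Constructed sample packets: (iface, proto, src, dst, dport)
    samples = [
        ("WAN", "tcp", "203.0.113.5", "192.168.2.10", 443),  # web, should pass
        ("WAN", "tcp", "203.0.113.5", "192.168.2.10", 22),   # ssh, should be blocked
        ("WAN", "tcp", "203.0.113.5", "192.168.1.20", 445),  # WAN -> LAN, blocked
        ("LAN", "tcp", "192.168.1.20", "203.0.113.5", 80),   # LAN out, pass
        ("DMZ", "tcp", "192.168.2.10", "203.0.113.5", 25),   # DMZ out, pass
        ("DMZ", "tcp", "192.168.2.10", "192.168.1.20", 445), # DMZ -> LAN, blocked
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(RULES, *pkt), "| wide open:", evaluate(WIDE_OPEN_RULES, *pkt)[0])
```

Running it shows the difference the reply is pointing at: with the explicit allow list, WAN traffic to port 22 on the DMZ host falls through to the implicit default block, while under the "wide open" variant it passes. Both rulesets keep the DMZ from reaching the LAN because of the `! LAN net` destination on the DMZ rule.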