On 6/7/06, Claudio Castro <ccastro at unr dot edu dot ar> wrote:
> If the traffic goes from the LAN to the DMZ, the traffic is
> entering the DMZ interface...that's what I think...I may be wrong.
Going from the LAN to the DMZ. That's entering the LAN interface,
exiting the DMZ interface. To put it another way, it's the interface
where the traffic originates.
> Anyway, so to stop this I would have to set a rule in the LAN interface
> to block any default traffic that is not affected by any other rule, right?
Yes, modify your LAN rules appropriately to permit or deny as desired.
If you're going to leave the default permit any rule there, you'll
have to put a reject or block rule above that rule (first matching