On 9/21/06, Neil Schneider <telecomneil at gmail dot com> wrote:
> I'm setting up a Soekris 4801 with the latest download (1.2). I want
> to create a default rule for the DMZ. I'm using the following rule for
> the DMZ interface.
> Proto Source Port Destination Port Description
> * DMZ net * ! LAN net * DMZ -> any
> Is this a proper default rule for the DMZ.
Yes. Ideally you'll want to restrict more than this, but this is a
> I presume the default
> without this rule would be to disallow all connections to or from the
> DMZ. Is my presumption correct?
Not allow anything outbound from the DMZ. Anything permitted from the
LAN, WAN, or any other interface into the DMZ would be permitted, and
reply traffic to that would be permitted by the state table.