[fw-wiz] re: NAT for a simple network
From: Robert E. Martin (rmartin_at_fishburne.org)
To: email@example.com Date: Fri, 15 Aug 2003 13:37:26 -0400
"in general, you should verify packets are
not allowed to the device from the big bad Internet. you may also want to
only allow local access from select IP addresses or subnets."
So if I deny all from the outside coming in and allow all from the
inside to go out, I should have the beginnings of a secure
firewall.?!??!! This is not to say that it is a catch all but a start.
Perhaps add rule stating only the internal subnet goes out and to deny
all others. As I stated before, this is a simple network, no services
coming in from the outside, just internet access for the subnet inside
and dhcp running on the gateway.
Thanks to all that replied to this original post. This is a valuable
resource to me. Thanks again!!
-- Robert E Martin IT Manager Fishburne Military School firstname.lastname@example.org 540.946.7726 _______________________________________________ firewall-wizards mailing list email@example.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards