Firewall Wizards mailing list archives

re: NAT for a simple network

From: "Robert E. Martin" <rmartin () fishburne org>
Date: Fri, 15 Aug 2003 13:37:26 -0400

"in general, you should verify packets are
not allowed to the device from the big bad Internet.  you may also want to
only allow local access from select IP addresses or subnets."

So if I deny all from the outside coming in and allow all from theinside to go out, I should have the beginnings of a securefirewall.?!??!! This is not to say that it is a catch all but a start.Perhaps add rule stating only the internal subnet goes out and to denyall others. As I stated before, this is a simple network, no servicescoming in from the outside, just internet access for the subnet insideand dhcp running on the gateway.Thanks to all that replied to this original post. This is a valuableresource to me. Thanks again!!

--
Robert E Martin
IT Manager
Fishburne Military School
rmartin () fishburne org
540.946.7726

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

NAT for a simple network Robert E. Martin (Aug 13)
- Re: NAT for a simple network Mikael Olsson (Aug 15)
- <Possible follow-ups>
- re: NAT for a simple network Mike Hoskins (Aug 15)
- re: NAT for a simple network Robert E. Martin (Aug 15)
  - Re: re: NAT for a simple network R. DuFresne (Aug 17)