> While it's not exactly coding, it sounds perfect for tonight's hackfest.

Yes, well, it literally IS for tonight's meeting/hackfest.  We upgraded
the firewall and I did not get around to making this change to the DMZ
behavior.   The previous version had an addon to provide this change but
the new version does not support that addon.  Our wired connection to the
Internet will not do well without this change since the DMZ is where the
visitor net lives.

> You might want to restate your policy more like:
>
> - drop everything not explicitly allowed
> - allow everything from eth1 to eth2
> - (etc)

I appears to already to the drop policy first, as you say.  I think we
just need "the allow everything from eth1 to eth2" and we'll be good to
go.

> I.e., you should have a default policy of dropping, and the rest of the
> rules allow things. It's safer and easier in the end.

Good point.

Alan


---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss