Differences
This shows you the differences between two versions of the page.
userdoc:tt_dmz [2020/05/13 15:01] abelbeck removed |
— (current) | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== DMZ ====== | ||
- | |||
- | The default DMZ firewall rules are as follows: | ||
- | |||
- | - Drop all DMZ-> | ||
- | - Drop all DMZ->LAN traffic | ||
- | - Allow DMZ->EXT (internet) | ||
- | - Allow LAN->DMZ (includes WireGuard and OpenVPN virtual LANs) | ||
- | |||
- | The DMZ makes a great place to place servers and LXC containers, isolated to your network and AstLinux box, but reachable from any LAN and AstLinux itself. | ||
- | |||
- | Given the DMZ defaults above, any DHCP, DNS, NTP requests to Local are dropped, so ... | ||
- | |||
- | Personally I accept these: | ||
- | |||
- | Pass DMZ-> | ||
- | Pass DMZ-> | ||
- | |||
- | You may also want mDNS (UDP 5353) | ||
- | |||
- | To drop DMZ-> | ||
- | |||
- | Firewall sub-tab: | ||
- | |||
- | ___ Log Denied DMZ interface packets | ||
- | |||
- | |||
- | For the Pi-Hole case, the DMZ is perfect. | ||
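Review bot: the new side of this revision is empty ("(current)"), so the removal drops the list of default DMZ firewall rules and the note that DHCP, DNS and NTP requests from the DMZ to Local are dropped by default, with no pointer to where that guidance now lives. If the content moved, leave a one-line stub on userdoc:tt_dmz naming the new page; if it is obsolete, say why in the edit summary, which currently reads only "removed".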