Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | |||
|
userdoc:tt_dmz [2020/05/13 15:01] abelbeck removed |
— (current) | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== DMZ ====== | ||
| - | |||
| - | The default DMZ firewall rules are as follows: | ||
| - | |||
| - | - Drop all DMZ-> | ||
| - | - Drop all DMZ->LAN traffic | ||
| - | - Allow DMZ->EXT (internet) | ||
| - | - Allow LAN->DMZ (includes WireGuard and OpenVPN virtual LANs) | ||
| - | |||
| - | The DMZ makes a great place to place servers and LXC containers, isolated to your network and AstLinux box, but reachable from any LAN and AstLinux itself. | ||
| - | |||
| - | Given the DMZ defaults above, any DHCP, DNS, NTP requests to Local are dropped, so ... | ||
| - | |||
| - | Personally I accept these: | ||
| - | |||
| - | Pass DMZ-> | ||
| - | Pass DMZ-> | ||
| - | |||
| - | You may also want mDNS (UDP 5353) | ||
| - | |||
| - | To drop DMZ-> | ||
| - | |||
| - | Firewall sub-tab: | ||
| - | |||
| - | ___ Log Denied DMZ interface packets | ||
| - | |||
| - | |||
| - | For the Pi-Hole case, the DMZ is perfect. | ||