Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
userdoc:tt_dmz [2020/05/12 06:44] mkeuter created |
userdoc:tt_dmz [2020/05/13 15:01] abelbeck removed |
||
---|---|---|---|
Line 4: | Line 4: | ||
- Drop all DMZ-> | - Drop all DMZ-> | ||
- | |||
- Drop all DMZ->LAN traffic | - Drop all DMZ->LAN traffic | ||
- | |||
- Allow DMZ->EXT (internet) | - Allow DMZ->EXT (internet) | ||
- | |||
- Allow LAN->DMZ (includes WireGuard and OpenVPN virtual LANs) | - Allow LAN->DMZ (includes WireGuard and OpenVPN virtual LANs) | ||
The DMZ makes a great place to place servers and LXC containers, isolated to your network and AstLinux box, but reachable from any LAN and AstLinux itself. | The DMZ makes a great place to place servers and LXC containers, isolated to your network and AstLinux box, but reachable from any LAN and AstLinux itself. | ||
- | Given the DMZ defaults above, any DHCP, DNS, NTP requests to Local be dropped, so ... | + | Given the DMZ defaults above, any DHCP, DNS, NTP requests to Local are dropped, so ... |
Personally I accept these: | Personally I accept these: | ||
Line 22: | Line 19: | ||
You may also want mDNS (UDP 5353) | You may also want mDNS (UDP 5353) | ||
- | To drop DMZ-> | + | To drop DMZ-> |
Firewall sub-tab: | Firewall sub-tab: |