Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
userdoc:tt_dmz [2020/05/12 06:44] mkeuter created |
— (current) | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== DMZ ====== | ||
- | |||
- | The default DMZ firewall rules are as follows: | ||
- | |||
- | - Drop all DMZ-> | ||
- | |||
- | - Drop all DMZ->LAN traffic | ||
- | |||
- | - Allow DMZ->EXT (internet) | ||
- | |||
- | - Allow LAN->DMZ (includes WireGuard and OpenVPN virtual LANs) | ||
- | |||
- | The DMZ makes a great place to place servers and LXC containers, isolated to your network and AstLinux box, but reachable from any LAN and AstLinux itself. | ||
- | |||
- | Given the DMZ defaults above, any DHCP, DNS, NTP requests to Local be dropped, so ... | ||
- | |||
- | Personally I accept these: | ||
- | |||
- | Pass DMZ-> | ||
- | Pass DMZ-> | ||
- | |||
- | You may also want mDNS (UDP 5353) | ||
- | |||
- | To drop DMZ-> | ||
- | |||
- | Firewall sub-tab: | ||
- | |||
- | ___ Log Denied DMZ interface packets | ||
- | |||
- | |||
- | For the Pi-Hole case, the DMZ is perfect. | ||
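Review bot: The rule entries at "Drop all DMZ->", both "Pass DMZ->" lines and "To drop DMZ->" stop after the arrow with no destination, protocol or port, so a reader cannot tell which traffic the defaults drop or which exceptions are being accepted. Each entry should state its target and service the way the mDNS line does with "(UDP 5353)". The sentence "any DHCP, DNS, NTP requests to Local be dropped, so ..." is missing its verb ("will be dropped") and trails off before saying what follows from it. In "isolated to your network and AstLinux box", the default rules listed above suggest "isolated from" was meant. The "___ Log Denied DMZ interface packets" line under "Firewall sub-tab:" does not say whether the option should be checked, and since it is the only visibility into dropped DMZ traffic mentioned here, the text should say so explicitly.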