Differences

This shows you the differences between two versions of the page.

--- userdoc:tt_firewall_overview [2020/05/13 20:49] – mkeuter
+++ userdoc:tt_firewall_overview [2020/05/24 21:04] (current) – [Default Allowed Traffic Flow] abelbeck
@@ Line 12: / Line 12: @@
 !!Note ->!! WireGuard and OpenVPN virtual networks are treated as LANs.
+!!Note ->!! Using the DMZ requires at least one LAN defined.
 ===== DMZ Traffic Flow =====
@@ Line 21: / Line 23: @@
   - Allow DMZ->EXT (internet)
   - Allow LAN->DMZ (includes WireGuard and OpenVPN virtual LANs)
+  - Allow Local->DMZ
 The DMZ makes a great place to place servers and LXC containers, isolated to your network and AstLinux box, but reachable from any LAN and AstLinux itself.
@@ Line 31: / Line 34: @@
   Pass DMZ->Local	TCP	0/0	53
-You may also want mDNS (UDP 5353)
+You may also want mDNS (''UDP 5353'')
-To drop DMZ->Local logging, uncheck the following:
+To disable DMZ->Local logging, uncheck the following:
 Firewall sub-tab:
@@ Line 42: / Line 45: @@
 For the Pi-Hole case, the DMZ is perfect.  The Pi-Hole can use AstLinux's DNS-over-TLS as it's upstream feed, and dnsmasq's DHCP can be configured to give out the Pi-Hole DMZ address for DNS.
+===== Firewall Plugins =====
+!!Related Info ->!! **[[userdoc:tt_firewall_plugins|Firewall Plugins]]**
+\\
+===== Firewall External Block List =====
+!!Related Info ->!! **[[userdoc:tt_firewall_external_block_list|Firewall External Block List]]**
+\\