As the title states, with firewall rules, do you always enter your accepts first, then your drops? For example, here is my Ubiquiti EdgeRouter firewall setup, with accepts first, then drops.
You couldn't do it the other way, right?
name WAN_LOCAL {
    default-action drop
    description "WAN to router"
    enable-default-log
    rule 10 {
        action accept
        description "Allow established/related"
        state {
            established enable
            invalid disable
            new disable
            related enable
        }
    }
    rule 20 {
        action accept
        description "Limit pings"
        icmp {
            type-name echo-request
        }
        limit {
            burst 1
            rate 50/minute
        }
        log enable
        protocol icmp
    }
    rule 30 {
        action accept
        description OpenVPN-vtun0
        destination {
            port 1194
        }
        log enable
        protocol udp
    }
    rule 40 {
        action drop
        description "Drop invalid state"
        log enable
        state {
            established disable
            invalid enable
            new disable
            related disable
        }
    }
}
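As an added illustration (not part of the post), here is a small first-match evaluator that walks a chain the way an EdgeOS ruleset like WAN_LOCAL is walked, with the post's four rules encoded as constructed data. It simplifies rule 20 (the rate limit and ICMP type are left out) and shows that order only matters where rules' match sets overlap.

```python
# Added example, not from the post: minimal first-match chain evaluator.
# Rules and packets are constructed here; the chain copies the post's WAN_LOCAL.

def rule(num, action, proto=None, state=None, dport=None):
    """Build one rule; a field left None is a wildcard, as in the EdgeOS config."""
    return {"num": num, "action": action, "proto": proto, "state": state, "dport": dport}

# The post's chain in its original order (rule 20's rate limit and ICMP type omitted).
WAN_LOCAL = [
    rule(10, "accept", state={"established", "related"}),
    rule(20, "accept", proto="icmp"),
    rule(30, "accept", proto="udp", dport=1194),
    rule(40, "drop", state={"invalid"}),
]
DEFAULT_ACTION = "drop"  # the chain's default-action

def matches(r, pkt):
    """A rule matches only when every field it specifies agrees with the packet."""
    if r["proto"] is not None and r["proto"] != pkt["proto"]:
        return False
    if r["dport"] is not None and r["dport"] != pkt.get("dport"):
        return False
    if r["state"] is not None and pkt["state"] not in r["state"]:
        return False
    return True

def evaluate(chain, pkt):
    """First matching rule wins; if nothing matches, the default-action applies."""
    for r in chain:
        if matches(r, pkt):
            return r["action"], r["num"]
    return DEFAULT_ACTION, None

if __name__ == "__main__":
    new_ssh = {"proto": "tcp", "dport": 22, "state": "new"}
    print(evaluate(WAN_LOCAL, new_ssh))   # ('drop', None): falls through to default-action
    ping = {"proto": "icmp", "state": "new"}
    print(evaluate(WAN_LOCAL, ping))      # ('accept', 20)
    # Moving the drop (rule 40) to the top changes nothing here: its match set
    # (invalid state) is disjoint from every accept rule's match set.
    reordered = [WAN_LOCAL[3]] + WAN_LOCAL[:3]
    print(evaluate(reordered, ping))      # ('accept', 20)
    # A broad drop placed ahead of a narrower accept shadows it; this is the
    # ordering that actually matters when mixing accepts and drops.
    shadowed = [rule(5, "drop", proto="icmp")] + WAN_LOCAL
    print(evaluate(shadowed, ping))       # ('drop', 5)
```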