Topic: Firewall rules closest to the source best?
« on: June 28, 2008, 10:58:22 »
Seb74 ***
Posts: 115

I think I learned, when studying CCNA, that it was best to place ACLs closest to the source, so other traffic needn't be checked for no reason, taking up extra resources.

Is it the same in M0n0wall?

If I want to block traffic from OPT1 out through WAN for example, do I block OPT1 on the WAN-interface, or do I put the slightly more advanced rule of Block Destination !LAN on the OPT1 instead?

Maybe it's common sense and everyone knows this except me ;)
« Reply #1 on: July 07, 2008, 15:48:40 »
markb ****
Posts: 331

To my thinking, the rules should be applied to where the traffic enters the router. So if you want to block access from Opt 1 to LAN I would put the rule on the Opt1 interface.
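
The two placements asked about in this thread, modelled as an added example that is not part of either post and is not m0n0wall code. It assumes an interface's rules are checked only against traffic entering on that interface, first match wins, and unmatched traffic is dropped; the subnets and host addresses are constructed.

```python
# Added example (not from the thread): assumed ingress-only, first-match model.
# Interface names follow the thread; subnets and addresses are constructed.
from ipaddress import ip_address, ip_network

NETS = {  # constructed addressing
    "LAN": ip_network("192.168.1.0/24"),
    "OPT1": ip_network("192.168.2.0/24"),
}

def ingress_interface(src):
    """Interface a packet enters on: the one whose subnet holds src, else WAN."""
    for name, net in NETS.items():
        if ip_address(src) in net:
            return name
    return "WAN"

def matches(spec, addr):
    """spec is 'any', a network name, or '!name' for negation."""
    if spec == "any":
        return True
    negate = spec.startswith("!")
    inside = ip_address(addr) in NETS[spec.lstrip("!")]
    return inside != negate

def evaluate(rules, src, dst):
    """Return (action, rules_checked). Only the ingress interface's rules run;
    first match wins; no match falls through to the assumed default deny."""
    checked = 0
    for action, src_spec, dst_spec in rules.get(ingress_interface(src), []):
        checked += 1
        if matches(src_spec, src) and matches(dst_spec, dst):
            return action, checked
    return "block", checked

# Option A from the question: block source OPT1 on the WAN interface.
OPTION_A = {
    "OPT1": [("pass", "OPT1", "any")],
    "WAN": [("block", "OPT1", "any")],
}
# Option B: block destination !LAN on OPT1, then pass the rest.
OPTION_B = {
    "OPT1": [("block", "OPT1", "!LAN"), ("pass", "OPT1", "any")],
    "WAN": [],
}
OPT1_HOST, LAN_HOST, INTERNET_HOST = "192.168.2.10", "192.168.1.10", "203.0.113.5"

if __name__ == "__main__":
    for label, rules in (("A", OPTION_A), ("B", OPTION_B)):
        print(label, [evaluate(rules, OPT1_HOST, d) for d in (INTERNET_HOST, LAN_HOST)])
```

Under this model the WAN rule in option A is never consulted for traffic leaving OPT1, so only option B blocks OPT1 from reaching the Internet while still allowing OPT1 to LAN.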
 