Depends on what you're looking for (of course :-) )

Since you're under NAT, nothing can find your system that you don't
have set up for forwarding.  You could set up firewall rules for the public
address of your router, as it's wide-open otherwise, of course.

A happy 2008 to you,
Justin

On Jan 1, 2008 6:40 PM, Alain Kelder <[EMAIL PROTECTED]> wrote:
> Hello,
>
> At my home office, I have 1 public IP and I'm forwarding certain outside
> port requests to the various machines inside using NAT. I'm allowing all
> inside->out traffic. Given that I'm happy with this setup from the
> functionality perspective, should I still add firewall rules to define
> my current setup (e.g. to allow all inside->out traffic and to allow
> http, smtp, etc to the various machines for outside->in traffic)? Am I
> missing out on important security features the firewall would offer
> which NAT doesn't?
>
> Currently I just have the following firewall statements:
>
> firewall {
>     log-martians: "enable"
>     send-redirects: "disable"
>     receive-redirects: "disable"
>     ip-src-route: "disable"
>     broadcast-ping: "disable"
>     syn-cookies: "enable"
> }
>
> [EMAIL PROTECTED]> show version
> Baseline Version: vc3
> Booted From: disk
>
> Happy New Year to all! Cheers, -Alain.
> _______________________________________________
> Vyatta-users mailing list
> Vyatta-users@mailman.vyatta.com
> http://mailman.vyatta.com/mailman/listinfo/vyatta-users
>