Can we discuss a full ruleset?
If you have a LAN, it’s often good form, IF you want unrestricted LAN access for local services without a lot of rules, to START the ruleset with an allow-any rule for the IP range of the LAN addresses you use, and another rule allowing the subnet broadcast address. While it’s up to you to decide, firewalls are much easier to configure, and much easier to do log analysis with, if you do not use DHCP but a static block of private IPs, if you’re behind a router… that rule, if desired, could be placed here.

DNS is fundamental: … and can be followed with a neat deny and set this for alert:

If you use DHCP to retrieve a dynamically assigned IP address from your ISP or router, you can tighten up on the generic rule provided with a pair of rules, like this:

and protocol-specific rules, for example:

Next, among the basics you’ll want when getting started, you can use the following as a guide to some sample ICMP rules; this can be a good place to put a generic loopback, if you w
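The ordering described above (LAN allow rules first, then a DNS allow followed by a DNS deny set to alert), sketched as an added example that is not from the original page or from any firewall product. It assumes the firewall evaluates rules top-down and stops at the first match, and that unmatched traffic is dropped; the addresses, rule names and the `evaluate` helper are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "allow" or "deny"
    first: str                   # first remote address covered by the rule
    last: str                    # last remote address covered by the rule
    proto: Optional[str] = None  # None matches any protocol
    port: Optional[int] = None   # None matches any remote port
    alert: bool = False          # raise an alert when this rule fires

    def matches(self, ip, proto, port):
        addr = ipaddress.ip_address(ip)
        lo, hi = ipaddress.ip_address(self.first), ipaddress.ip_address(self.last)
        return lo <= addr <= hi and self.proto in (None, proto) and self.port in (None, port)

# Constructed values (assumptions, not from the page): a static LAN block,
# its subnet broadcast address, and one trusted DNS resolver.
RULESET = [
    Rule("lan-any", "allow", "192.168.1.1", "192.168.1.20"),
    Rule("lan-broadcast", "allow", "192.168.1.255", "192.168.1.255"),
    Rule("dns-resolver", "allow", "203.0.113.53", "203.0.113.53", "udp", 53),
    Rule("dns-other", "deny", "0.0.0.0", "255.255.255.255", "udp", 53, alert=True),
]
# Same rules with the DNS deny placed ahead of the DNS allow.
MISORDERED = [RULESET[0], RULESET[1], RULESET[3], RULESET[2]]

def evaluate(ruleset, ip, proto, port):
    """Return (action, rule name, alert) for the first rule that matches."""
    for rule in ruleset:
        if rule.matches(ip, proto, port):
            return rule.action, rule.name, rule.alert
    return "deny", "default", False  # assumption: unmatched traffic is dropped

if __name__ == "__main__":
    samples = [("192.168.1.10", "tcp", 445), ("192.168.1.255", "udp", 137),
               ("203.0.113.53", "udp", 53), ("198.51.100.7", "udp", 53)]
    for s in samples:
        print(s, "->", evaluate(RULESET, *s))
    print("misordered:", evaluate(MISORDERED, "203.0.113.53", "udp", 53))
```

With the deny placed ahead of the allow, lookups to the trusted resolver are blocked and alerted on, which is why the deny has to follow the allow.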