Hi.
I have in the past set up my firewalls to filter traffic only one way (allowing everything out, but only certain stuff in) like this:
Code:
block in...
pass out quick
#add rules for ssh, www and other stuff here
Now I have a scenario where I must filter both in and out.
The Office network is considered safer than project networks due to its strict enforcement of antivirus and patching and must be protected from the unsafe project networks. But hosts on the project network must be available to the hosts on the Office network on stuff like SSH and RDP.
So if this is the start of my config file (see below), what must the pass rules look like to allow hosts in the office network to talk to hosts in the project networks on SSH, RDP, etc.?
Code:
block in on $ext_if
block out on $ext_if
# what do I need to put here?
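
The scenario described in the post, written out as a pf ruleset. This is an added example, not part of the original post; it assumes a routing firewall with one interface facing each side, and the interface names and address ranges are placeholders.

```pf
# Added example. Every value in this macro section is an assumed placeholder.
office_if   = "em1"               # assumed: interface facing the Office network
project_if  = "em2"               # assumed: interface facing the project networks
office_net  = "192.0.2.0/24"      # assumed Office range (documentation prefix)
project_net = "198.51.100.0/24"   # assumed project range (documentation prefix)
admin_ports = "{ 22, 3389 }"      # SSH and RDP, the services named in the post

# Default deny in both directions on every interface.
block in all
block out all

# A forwarded connection crosses the firewall twice, so it needs a pass rule
# on the way in (Office side) and on the way out (project side).
# "flags S/SA keep state" matches only the opening SYN and creates a state
# entry; reply packets match that state and need no rule of their own.
pass in  on $office_if  inet proto tcp from $office_net to $project_net \
        port $admin_ports flags S/SA keep state
pass out on $project_if inet proto tcp from $office_net to $project_net \
        port $admin_ports flags S/SA keep state

# No rule passes connections opened from $project_net toward $office_net,
# so the block rules above drop them.
```

`pfctl -nf <file>` parses a ruleset without loading it, which catches syntax errors before the rules go live.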