DMZ Firewall Solution for the Express Router
Filters 9 and 10
Function: Discards all ICMP packets entering the DMZ network. This prevents the router from reporting the IP netmask. These filters must include all IP addresses on the router, including the WAN IP address if the router is using numbered links. Two filters are required.

Filter 9 settings
Action: | Discard |
Protocol: | ICMP |
Dest. address type: | Host |
Dest. address: | <LAN1 IP address> |
Src. address type: | All |

Filter 10 settings
Action: | Discard |
Protocol: | ICMP |
Dest. address type: | Host |
Dest. address: | <LAN2 IP address> |
Src. address type: | All |

Filters 11 to 14
Function: Discards all packets to open router ports. Four filters are required.

Filter 11 settings
Action: | Discard |
Protocol: | UDP |
Dest. address type: | Host |
Dest. address: | <LAN1 IP address> |
Dest. port: | All |
Src. address type: | All |
Src. port: | All |

Filter 12 settings
Action: | Discard |
Protocol: | UDP |
Dest. address type: | Host |
Dest. address: | <LAN2 IP address> |
Dest. port: | All |
Src. address type: | All |
Src. port: | All |

Filter 13 settings
Action: | Discard |
Protocol: | TCP |
Flags: | All |
Dest. address type: | Host |
Dest. address: | <LAN1 IP address> |
Dest. port: | All |
Src. address type: | All |
Src. port: | All |

Filter 14 settings
Action: | Discard |
Protocol: | TCP |
Flags: | All |
Dest. address type: | Host |
Dest. address: | <LAN2 IP address> |
Dest. port: | All |
Src. address type: | All |
Src. port: | All |
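
The Function text requires the ICMP discard filters to cover every IP address on the router, including the WAN address on numbered links. The following added example (not part of the original document) audits a filter list for that coverage. The addresses, the dictionary layout, the function names, and the choice to apply the same all-addresses rule to the UDP and TCP filters are assumptions made for illustration.

```python
# Added example: audit that discard filters 9-14 cover every router address.
# The dict layout and all addresses are constructed for illustration.
from ipaddress import ip_address

# Assumption: every router address needs ICMP, UDP and TCP discard filters.
REQUIRED_PROTOCOLS = ("ICMP", "UDP", "TCP")


def missing_coverage(router_addresses, filters):
    """Return sorted (address, protocol) pairs with no matching discard filter.

    A filter counts only if it discards the protocol for that host address
    from all sources and, for UDP/TCP, for all source and destination ports
    (and all TCP flags), matching the settings listed in the table.
    """
    covered = set()
    for f in filters:
        if f.get("action") != "Discard" or f.get("src_type") != "All":
            continue
        if f.get("dest_type") != "Host":
            continue
        proto = f.get("protocol")
        if proto in ("UDP", "TCP"):
            if f.get("dest_port") != "All" or f.get("src_port") != "All":
                continue
            if proto == "TCP" and f.get("flags") != "All":
                continue
        covered.add((ip_address(f["dest"]), proto))
    wanted = {(ip_address(a), p) for a in router_addresses for p in REQUIRED_PROTOCOLS}
    return sorted((str(a), p) for a, p in wanted - covered)


def host_filters(address):
    """Build the three discard filters the table specifies for one address."""
    base = {"action": "Discard", "dest_type": "Host", "dest": address, "src_type": "All"}
    ports = {"dest_port": "All", "src_port": "All"}
    return [
        {**base, "protocol": "ICMP"},
        {**base, "protocol": "UDP", **ports},
        {**base, "protocol": "TCP", "flags": "All", **ports},
    ]


# Constructed sample: LAN1, LAN2 and a numbered WAN link (documentation ranges).
LAN1, LAN2, WAN = "192.0.2.1", "198.51.100.1", "203.0.113.1"
TABLE_FILTERS = host_filters(LAN1) + host_filters(LAN2)  # filters 9-14 as listed

if __name__ == "__main__":
    for addr, proto in missing_coverage([LAN1, LAN2, WAN], TABLE_FILTERS):
        print(f"no discard filter for {proto} to {addr}")
```

With only the two LAN addresses the six filters give full coverage; adding a numbered WAN address reports the three filters still missing for it.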
Version 1.0