Do my rules appear to be sane?
-
I should add that I have a floating block + don't log for IPv6 which is why my final allow any is only IPv4.
-
Your very first rule matches everything so nothing beneath that does anything at all.
-
@cmb:
Your very first rule matches everything so nothing beneath that does anything at all.
When I edit that rule, it says Destination: OPT7.
It looks like it didn't remove that rule when I removed the interface.It wasn't a wildcard. The blocks still worked, so it looks like it was just UI.
Other than that, are they sane? -
Ah, yeah in that case it wouldn't have been in the ruleset at all.
Other than that, seems sane.
-
@cmb:
Ah, yeah in that case it wouldn't have been in the ruleset at all.
Other than that, seems sane.
Ok, cool, thanks.
I have a few oddities in NAT (such I have the firewall listening for HTTPs on a nonstandard port, but an internal NAT rule for port 443.
I wanted to make sure I had the LAN side of the rules looking ok (as the NAT rules are working exactly how I wanted). -
I redid my LAN rules once I found out I could nest aliases, could I possibly as for just a quick spot check again to rule out any brainfarts?
(blacked out port at the top is publicly accessible and non-standard (hurrah security through obscurity!))