diff --git a/Samples/two-interfaces/interfaces b/Samples/two-interfaces/interfaces
index 09bd960af..5f8d7552b 100755
--- a/Samples/two-interfaces/interfaces
+++ b/Samples/two-interfaces/interfaces
@@ -187,6 +187,6 @@
 #
 ##############################################################################
 #ZONE INTERFACE BROADCAST OPTIONS
-net eth0 detect dhcp,routefilter,norfc1918,tcpflags
-loc eth1 detect tcpflags
+net eth0 detect dhcp,tcpflags,norfc1918,routefilter,nosmurfs,logmartians
+loc eth1 detect tcpflags,detectnets
 #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
diff --git a/Samples/two-interfaces/rules b/Samples/two-interfaces/rules
index c5f5cdafe..8afc35407 100755
--- a/Samples/two-interfaces/rules
+++ b/Samples/two-interfaces/rules
@@ -340,17 +340,22 @@
 #
 # Accept DNS connections from the firewall to the network
 #
-ACCEPT fw net tcp 53
-ACCEPT fw net udp 53
+DNS/ACCEPT fw net
 #
 # Accept SSH connections from the local network for administration
 #
-ACCEPT loc fw tcp 22
+SSH/ACCEPT loc net
 #
-# Allow Ping To And From Firewall
+# Allow Ping from the local network
 #
-ACCEPT loc fw icmp 8
-ACCEPT net fw icmp 8
+Ping/ACCEPT loc fw
+
+#
+# Reject Ping from the "bad" net zone.. and prevent your log from being flooded..
+#
+
+Ping/REJECT:none! net fw
+
 ACCEPT fw loc icmp
 ACCEPT fw net icmp
 #
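Review bot: The new `detectnets` option on the `loc eth1` line is added without any comment, and this is a sample file that users copy and adapt to their own interface layout. `detectnets` narrows the zone to the networks routed through the interface, so it is only safe on an internal interface; I would add a line above the entries such as `# detectnets limits loc to networks routed via eth1; never set it on the internet-facing interface`. As far as I can tell the routes are read when the firewall starts, so the comment could also say that routes added later need a restart. Separately, reordering the existing eth0 options (`dhcp,tcpflags,norfc1918,routefilter`) hides that only `nosmurfs` and `logmartians` are new; appending them to the old order would make the change easier to audit.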
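Review bot: The SSH rule's destination changed from `fw` to `net`, while the comment above it still says the rule is for administration from the local network. With `SSH/ACCEPT loc net`, nothing in this hunk accepts SSH from loc to the firewall itself, and the rule instead allows outbound SSH from loc to the internet zone. If the intent was only to switch to the macro form, the line should read `SSH/ACCEPT loc fw`. Whether loc-to-fw SSH then ends up dropped or rejected depends on the policy file, which this diff does not show. The `Ping/REJECT:none!` line would also benefit from a short comment explaining what `none!` does to logging, since the existing comment only hints at it.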