I haven't set up firewalls in ages but if I recall correctly I was always doing:
From the internet inbound to the company: Last rule is "drop all"
From the corporate network to the internet: Last rule is "accept all"
In and out of the DMZ was (IIRC): last rule is "drop all" for inbound and outbound.

On the other hand, some companies are not as easy going about permitting outbound traffic from their corporation. I could see a bank or other institution having a 'drop all' last rule for outbound.

Tom

On Thu, Mar 22, 2012 at 1:25 PM, Paul Graydon <[email protected]> wrote:
> Aloha,
>
> I was tasked with clearing up some ambiguities in our firewalls. Nothing
> too major, just some irritating stuff for the most part (commenting all the
> rules etc), but I got to wondering:
>
> Which is better practice, to have an explicit Deny / Deny at the end of an
> access list, or leave it to the implicit one?
>
> Paul
> _______________________________________________
> Tech mailing list
> [email protected]
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
> This list provided by the League of Professional System Administrators
> http://lopsa.org/

--
http://EverythingSysadmin.com -- my blog
http://www.TomOnTime.com -- my videos
