Posted on 2014-09-10
I have seen what should be default rules for firewalls described as
deny any address from your internal network
deny any local host addresses ( example 127.0.0.1 )
deny any reserved private addresses
deny any addresses in the IP multicast address range
then i also saw this advise
"have separate inbound and outbound ACL's to ensure that the data that's leaving the network comes from a different source than data that's coming into the network"
so I think i get the last one, I thought that would be a way to prevent IP spoofing. because if someone is spoofing, the data they are sending will actually be coming from the outside. Does that sound right?
I really can't picture the purpose of the other rules though. for instance, why would i want to " deny any address from your internal network" wouldn't that mean that if one of my interior network addresses is 192.168.0.2, and if the firewall denies data from that address ( the internal network ) then that client couldn't, for example, send requests to web servers to look at web pages. that person would click on a link, and that request is denied on the firewall? is that what that means?
basically if someone has some good visuals of what is happening with these firewall rules, i would really appreciate it.