
Block Everything Inbound Except Reverse-Proxy and VPN

I'd like to cut down on the Default DROP lines in the firewall logs that result from all the TELNET, SSH, SIP, etc probes I get on my WAN interface.  I know that the only externally-initiated traffic I support is HTTP/HTTPS to the reverse-proxy, TCP to the alternate port I use for the User Portal, IPSEC for a couple site-to-site tunnels, and L2TP for remote-access VPN users.  

I'm thinking about creating rules to specifically allow these with a "DROP ANY:ANY->WAN:ANY" rule after.  Do I need to include rules to allow inbound IPSEC and L2TP or does that traffic get handled earlier (i.e. BAlfson's Rule #2)?
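The allow-then-drop policy the post proposes, modelled as an added example (this is not the poster's configuration and not Sophos UTM rule syntax): a first-match packet-filter evaluator with explicit allow rules for the listed services and a silent catch-all drop, run over constructed sample traffic so you can see which packets are allowed, which hit the catch-all, and how many would still produce a log line compared with relying on the implicit, logged default drop. The port numbers are the standard ones for the services named (HTTP/HTTPS, IKE on UDP 500, NAT-T on UDP 4500, ESP as IP protocol 50, L2TP on UDP 1701); the User Portal port 4444 and the sample addresses are assumptions. One caveat the model makes visible: when L2TP is carried inside IPsec, the WAN interface only sees IKE, NAT-T and ESP, so the UDP 1701 rule only matters if unencrypted L2TP is accepted.

```python
"""Added example: first-match model of the proposed WAN-inbound policy.
Not the poster's ruleset and not any vendor's rule syntax."""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    proto: str                    # "tcp", "udp" or "esp" (IP protocol 50)
    dport: Optional[int] = None   # None for ESP, which carries no ports


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                   # "allow" or "drop"
    proto: Optional[str] = None   # None matches any protocol
    dports: Tuple[int, ...] = ()  # empty tuple matches any port
    log: bool = False

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dports and pkt.dport not in self.dports:
            return False
        return True


USER_PORTAL_PORT = 4444  # assumption: the post does not name its alternate port

# The proposed policy; first matching rule wins.
WAN_INBOUND: List[Rule] = [
    Rule("reverse-proxy", "allow", "tcp", (80, 443)),
    Rule("user-portal",   "allow", "tcp", (USER_PORTAL_PORT,)),
    Rule("ipsec-ike",     "allow", "udp", (500, 4500)),  # IKE and NAT-T
    Rule("ipsec-esp",     "allow", "esp"),               # ESP has no ports
    Rule("l2tp",          "allow", "udp", (1701,)),      # only on the wire if L2TP is not inside IPsec
    Rule("drop-rest",     "drop",  log=False),           # explicit, silent catch-all
]

# The firewall's built-in behaviour when no rule matches: drop and log.
DEFAULT = ("drop", "default-drop", True)


def evaluate(rules: List[Rule], pkt: Packet):
    """Return (action, rule name, logged?) for the first rule that matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name, rule.log
    return DEFAULT


# Constructed sample traffic: the supported services plus typical probes.
SAMPLE = [
    Packet("203.0.113.7",  "tcp", 443),               # HTTPS to the reverse proxy
    Packet("203.0.113.7",  "tcp", USER_PORTAL_PORT),  # User Portal on its alternate port
    Packet("198.51.100.2", "udp", 500),               # IKE from a site-to-site peer
    Packet("198.51.100.2", "esp"),                    # ESP from the same peer
    Packet("192.0.2.9",    "udp", 4500),              # NAT-T from a remote-access client
    Packet("192.0.2.44",   "tcp", 23),                # telnet probe
    Packet("192.0.2.44",   "tcp", 22),                # ssh probe
    Packet("192.0.2.45",   "udp", 5060),              # SIP probe
]


def logged_drops(rules: List[Rule], packets: List[Packet]) -> int:
    """Count packets that are dropped AND would still produce a log line."""
    count = 0
    for pkt in packets:
        action, _, logged = evaluate(rules, pkt)
        if action == "drop" and logged:
            count += 1
    return count


if __name__ == "__main__":
    for p in SAMPLE:
        action, name, logged = evaluate(WAN_INBOUND, p)
        port = "-" if p.dport is None else str(p.dport)
        flag = " LOGGED" if logged else ""
        print(f"{p.src:>14} {p.proto:<3} {port:>5} -> {action:<5} ({name}){flag}")
    # With no explicit rules every probe falls through to the logged default drop.
    print("logged drops, implicit default only:", logged_drops([], SAMPLE))
    print("logged drops, proposed policy      :", logged_drops(WAN_INBOUND, SAMPLE))
```

The point of the silent catch-all is that it matches before the implicit default, so the telnet, SSH and SIP probes stop generating Default DROP lines while anything you did not enumerate is still dropped. Rule order matters only where matches overlap; here the allow rules are disjoint, so the catch-all is the only rule whose position is significant.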


