› Forums › Network Management › Networking › Firewall Configuration – No internet, just internal networks › Reply To: Firewall Configuration – No internet, just internal networks
It is a bad idea to make any of the default chains DENY.
you should first make rules that allow traffic (there are almost always less things you want to allow then deny) and after that add deny rules. watch for sequences numbers.
INPUT chain deals with traffic that has its destination the firewall IPs
FORWARD chain deals with traffic that has its destiantion IPs different from firewalls
OUTPUT chain deals with traffic coming from firewall
this is simple explanation there are many other things to consider.
for your exapmle:
Protocol Matching: chose source or destination ports you want to allow
for examle if you would allow http then you chose destination port 80 protocol tcp
hope this helps