Firewall: Part 2 – Create your first important policies/rules

Hi all

First of all, I think you should create a few policies that are very important in every firewall implementation.

At the end of your ruleset you must create a DENY ALL “Last Rule”.
Most firewalls provide this rule by default – but it should never be disabled, least of all by a novice.

To protect your internal clients from compromised DNS servers or DNS forwarders, you should implement a rule for your two or three trusted DNS servers.
This rule looks like this:

source: all internal
destination: trust_dns_1, trust_dns_2
service: DNS
action: Allow

Directly after this rule you must set up a block rule for all other DNS servers, like this:

source: all internal
destination: all external
service: DNS
action: Block

Now your clients can only connect to the trusted DNS servers. This means an attacker cannot use some other, compromised DNS server to redirect your clients to a malicious IP. Keep in mind that rules are evaluated top to bottom, so the allow rule has to sit above the block rule, and the trusted servers themselves still need to be kept patched and monitored.
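To show how the three rules above interact, here is an added example (not from the original post or any particular firewall vendor) that models first-match rule evaluation in Python. The address ranges, the two trusted resolver addresses and the rule names are constructed for the demo; the last call shows what happens if the block rule is accidentally placed above the allow rule.

```python
import ipaddress

# Constructed sample address plan (not from the post): internal client
# ranges and two trusted resolvers in documentation-only ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
TRUSTED_DNS = {ipaddress.ip_address(a) for a in ("203.0.113.53", "198.51.100.53")}
DNS = {("udp", 53), ("tcp", 53)}   # the "DNS" service object

# Address-group predicates, mirroring the post's source/destination objects.
def internal(ip):    return any(ip in n for n in INTERNAL_NETS)
def external(ip):    return not internal(ip)
def trusted_dns(ip): return ip in TRUSTED_DNS
def anywhere(ip):    return True

# A rule is (name, src predicate, dst predicate, service set or None = any, action).
RULESET = [
    ("allow-trusted-dns", internal, trusted_dns, DNS,  "allow"),
    ("block-other-dns",   internal, external,    DNS,  "block"),
    ("deny-all",          anywhere, anywhere,    None, "block"),  # the "Last Rule"
]

def evaluate(ruleset, src, dst, proto, port):
    """Return (action, rule name) of the first matching rule, top to bottom."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, src_ok, dst_ok, services, action in ruleset:
        if src_ok(s) and dst_ok(d) and (services is None or (proto, port) in services):
            return action, name
    # Falling off the end means the final deny-all is missing: a configuration error.
    raise ValueError("ruleset has no final deny-all rule")

def ends_with_deny_all(ruleset):
    """Sanity check: the last rule must match any source, any destination, any service and block."""
    _, src_ok, dst_ok, services, action = ruleset[-1]
    return src_ok is anywhere and dst_ok is anywhere and services is None and action == "block"

if __name__ == "__main__":
    client = "10.1.2.3"
    print(evaluate(RULESET, client, "203.0.113.53", "udp", 53))   # ('allow', 'allow-trusted-dns')
    print(evaluate(RULESET, client, "192.0.2.1", "udp", 53))      # ('block', 'block-other-dns')
    print(evaluate(RULESET, client, "203.0.113.53", "tcp", 443))  # ('block', 'deny-all')
    # Order matters: with the block rule above the allow rule, the trusted resolvers are cut off too.
    swapped = [RULESET[1], RULESET[0], RULESET[2]]
    print(evaluate(swapped, client, "203.0.113.53", "udp", 53))   # ('block', 'block-other-dns')
```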

In the next part we will discuss the rules you need to access the internet, receive email and so on.
