Firewall rules for MGMT IP


I would like to have firewall rules so I can put an ACL on my management interface to only allow access from specific subnets or IPs to the MGMT IP. When the next zero-day comes out, I’d prefer these things to drop any MGMT traffic than have another botnet on my hands.



Good idea.

In the meantime…

Why not just firewall at the router/at your internet edge? You could also just make a management VLAN and keep everything separated that way…