Firewall rules for MGMT IP


#1

I would like to have firewall rules so I can put an ACL on my management interface to only allow access from specific subnets or IPs to the MGMT IP. When the next zero-day comes out, I’d prefer these things to drop any MGMT traffic than have another botnet on my hands.

Thanks.


#2

Good idea.

In the meantime…

Why not just firewall at the router/at your internet edge? You could also just make a management VLAN and keep everything separated that way…