I truly appreciate the disussion, recommendations and criticisms. rule 10 has been considered for the event where one of my hosts opens a legitimate communication against my will, ie. via internal malware. Should I download software with an unwanted payload or be lured into clicking a bad link, I would prefer that my defense resist compromise. I have a follow-up question. I placed rule 10 on the destination because I believe (perhaps wrongly) that the port number will be among the well-known ports, and that if I placed rule 10 on the source, that is the WAN, that the port number would be unpredictable. If this is wrong, please raise my level of learned material. Again, thank you all, those that read and especially those that responded.
↧
