"proper firewalls"...
Stupidly, I thought upgrading from an SMC router to a Cisco router was moving to a "proper firewall". Turns out that I was wrong, and the name of the device gives it away: router!
Anyway, I'm sure I should be able to get at least as much security out of the 2611 as my consumer SMC Barricade; it's just more difficult to configure.
I have now got traffic flowing in both directions, with some very simple ACLs limiting the traffic. The only thing that does not feel right about this config is that I am relying on NAT to stop most of the unsolicited traffic from getting on my LAN. I had thought that I would be able to deny everything, except where the traffic was a direct response to a NATed connection.
Therein lies the question. What is wrong with this config, and what should I be doing to stop unsolicited traffic whilst allowing NAT responses?