View Single Post
  #2   (View Single Post)  
Old 29th January 2009
DutchDaemon's Avatar
DutchDaemon DutchDaemon is offline
Real Name: Ben
Spam Refugee
 
Join Date: Jul 2008
Location: Rotterdam, The Netherlands
Posts: 336
Default

I tend to filter on the interface closest to the users ('LAN side', so to speak) or on the bridge interface itself (for those who can't get off the fence ..). Filtering on the external interface ('WAN' side) is used for keeping the rest of the world out. That way, the bridge has a nice wall around all sides, with not much going on inside.

On a router it depends on whether there are services running on the router itself which the users may need (DNS, mail, DHCP, etc.).
Reply With Quote