I’m trying to better understand the drivers behind adding a network into $HOME_NET.
It is clear to me that clients on internal protected networks shall go into $HOME_NET. And servers on the unprotected internet shall remain within $EXTERNAL_NET.
What I’m really unsure about are servers on the protected internal network on one hand. I tend to add them into the $HOME_NET as well, although a lot of rules assume client-like systems within it.
And on the other hand are systems - clients and servers - on the (almost) unprotected, but self owned network. You can image a DMZ-like network here.
So I’m trying to understand whether the client vs. server differentiation or the one on protected vs. unprotected networks is the main driver behind the use of $HOME_NET in rules.
Thanks for helping me out.
Heiko