Guidelines on Firewalls and Firewall Policy

I just finished reading through the National Institute of Standards and Technology (NIST)'s Guidelines on Firewalls and Firewall Policy (SP 800-41 Rev. 1). It's actually very well written, with casual enough language to hold your attention. I thought I'd sum up some of the key points for blocking traffic in a good firewall design. According to the guidelines, the following traffic types should always be blocked:

  • Inbound traffic from a non-authenticated source system with a destination address of the firewall itself
  • Inbound traffic with a source address indicating that the packet originated on a network behind the firewall
  • Inbound traffic containing ICMP
  • Inbound or outbound traffic from a system using a source address that falls within the private address ranges shown in RFC 1918
  • Inbound traffic from a non-authenticated source system containing SNMP
  • Inbound traffic containing IP Source Routing information
  • Inbound or outbound traffic containing a source or destination address of 127.0.0.1
  • Inbound or outbound traffic containing a source or destination address of 0.0.0.0
  • Inbound or outbound traffic containing a directed broadcast address
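To make the list concrete, here is a small policy evaluator I added (it is not code from NIST SP 800-41 or from the original post) that applies the nine "always block" rules to packets seen on a firewall's external interface. The firewall address (203.0.113.1), the network behind the firewall (203.0.113.0/24) and the sample packets are constructed values; the `authenticated` flag stands in for "arrived over an authenticated channel such as a VPN". It generalises the 127.0.0.1 rule to the whole 127.0.0.0/8 loopback block, and treats a directed broadcast as a destination equal to the broadcast address of a configured internal network.

```python
"""Policy evaluator for the nine traffic types SP 800-41 says to always block.

Added example; not part of the original post or of NIST's publication.
Topology values below are constructed (TEST-NET addresses) and packets are
assumed to be observed on the external interface, i.e. after NAT for
outbound traffic.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed topology (assumptions for the example).
FIREWALL_ADDRS = {ipaddress.ip_address("203.0.113.1")}          # the firewall's own outside address
INTERNAL_NETS = [ipaddress.ip_network("203.0.113.0/24")]        # networks behind the firewall
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")                   # generalises the 127.0.0.1 rule
UNSPECIFIED = ipaddress.ip_address("0.0.0.0")
SNMP_PORTS = {161, 162}


@dataclass
class Packet:
    direction: str                # "in" (arriving from outside) or "out" (leaving the inside)
    src: str
    dst: str
    proto: str                    # "tcp", "udp" or "icmp"
    dport: Optional[int] = None
    source_routed: bool = False   # IP options carry a loose/strict source route
    authenticated: bool = False   # e.g. arrived inside an authenticated VPN tunnel


def _in_any(addr, nets):
    return any(addr in n for n in nets)


def evaluate(pkt: Packet):
    """Return ("DROP", reason) if one of the always-block rules matches,
    otherwise ("ACCEPT", ""), meaning only that the rest of the policy decides."""
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)

    # Address sanity rules apply to both directions.
    if src == UNSPECIFIED or dst == UNSPECIFIED:
        return "DROP", "0.0.0.0 as source or destination"
    if src in LOOPBACK or dst in LOOPBACK:
        return "DROP", "loopback address as source or destination"
    if _in_any(src, RFC1918):
        return "DROP", "RFC 1918 source address crossing the perimeter"
    if any(dst == n.broadcast_address for n in INTERNAL_NETS):
        return "DROP", "directed broadcast destination"

    if pkt.direction == "in":
        if _in_any(src, INTERNAL_NETS):
            return "DROP", "inbound packet claims an internal source (spoofed)"
        if pkt.source_routed:
            return "DROP", "IP source routing option present"
        if pkt.proto == "icmp":
            return "DROP", "inbound ICMP"
        if dst in FIREWALL_ADDRS and not pkt.authenticated:
            return "DROP", "unauthenticated traffic addressed to the firewall itself"
        if pkt.proto in ("udp", "tcp") and pkt.dport in SNMP_PORTS and not pkt.authenticated:
            return "DROP", "unauthenticated inbound SNMP"

    return "ACCEPT", ""


# Constructed sample traffic, one packet per rule plus two that pass.
SAMPLES = [
    Packet("in", "198.51.100.7", "203.0.113.1", "tcp", dport=22),                      # to the firewall, unauthenticated
    Packet("in", "198.51.100.7", "203.0.113.1", "tcp", dport=22, authenticated=True),  # same, but authenticated
    Packet("in", "203.0.113.50", "203.0.113.80", "tcp", dport=80),                     # spoofed internal source
    Packet("in", "198.51.100.7", "203.0.113.80", "icmp"),                              # inbound ICMP
    Packet("out", "192.168.1.10", "198.51.100.7", "tcp", dport=443),                   # RFC 1918 source leaking out
    Packet("in", "198.51.100.7", "203.0.113.80", "udp", dport=161),                    # unauthenticated SNMP
    Packet("in", "198.51.100.7", "203.0.113.80", "tcp", dport=80, source_routed=True), # source routed
    Packet("in", "127.0.0.1", "203.0.113.80", "tcp", dport=80),                        # loopback source
    Packet("out", "203.0.113.80", "0.0.0.0", "udp", dport=53),                         # 0.0.0.0 destination
    Packet("in", "198.51.100.7", "203.0.113.255", "udp", dport=7),                     # directed broadcast
    Packet("in", "198.51.100.7", "203.0.113.80", "tcp", dport=443),                    # ordinary inbound HTTPS
]


def audit(packets):
    """Verdict per packet, in order."""
    return [evaluate(p)[0] for p in packets]


if __name__ == "__main__":
    for p in SAMPLES:
        verdict, why = evaluate(p)
        print(f"{p.direction:3} {p.src:>14} -> {p.dst:<14} {p.proto:4} {verdict:6} {why}")
```

The checks are ordered so that address-validity rules (0.0.0.0, loopback, RFC 1918, directed broadcast) run before the direction-specific ones, and the returned reason string is what you would want to see in a log line when tuning the policy.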

Like I said, really good reading. The whole article can be found at this link:

http://csrc.nist.gov/publications/nistpubs/800-41-Rev1/sp800-41-rev1.pdf

Comments

Jeremy
When are you coming up with CBT Nuggets for iptt? I am looking forward to it.
-Sikandar

One comment on this is that people should not block "Inbound traffic containing ICMP" indiscriminately. This is a frequent cause of problems because PMTUD fails, often causing problems when traffic traverses a VPN. (Note: there are hacks to work around it, but it's better to look at specifically what you are blocking than to just say ICMP.)

I want to be more clear about the terms outbound and inbound during bandwidth management. Who is the initiator and who is the responder while managing bandwidth by session initiation?

This is my first time I visit here. I found so many interesting stuff in your blog, especially its discussion. From the tons of comments on your articles, I guess I am not the only one having all the enjoyment here! Keep up the good work.
