Internal Network: 10.0.x.1/24
Host10: 10.0.x.10/24
Host11: 10.0.x.11/24
Public IP: 10.0.0.z/24

Layout: Internal Net --- Firewall --- Public Net

Security policy:
- Stateful Packet Filter for ~64k Connections
- All packets that are not explicitly allowed have to be dropped
- All packets that are dropped have to be logged
- SSH access from the public segment (192.168.100.y/24) to the Firewall itself
- No handling of multicast and/or broadcast packets
- Antispoofing rules for each interface
- All traffic from/to Internal must not be NAT'ed (i.e. public addresses)
- Correct handling of all ICMP errors
- ICMP echo request / reply allowed stateful
- Host10:
  - Administrative access via SSH from any Public Address
  - HTTP access from Public Network
- Host11:
  - No access from Public Network
- All machines in Internal Network:
  - Allowed to initiate any kind of connections to Public Network
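One way to turn this policy into a loadable ruleset, as an added example that is not part of the assignment: a shell function that emits an nftables configuration for given x, y, z. It assumes eth0 faces the Internal Net and eth1 the Public Net, that the firewall's public address is 10.0.0.z, that the SSH source "192.168.100.y/24" means the whole 192.168.100.0/24 prefix, that ~64k connections means nf_conntrack_max = 65536, and it reads "ICMP echo request / reply allowed stateful" as also permitting pings from Public to Host10 (the assignment does not say so explicitly).

```shell
#!/bin/sh
# Added example (not part of the assignment): emit an nftables ruleset that
# implements the lab policy. x, y, z are the assignment's placeholders and are
# passed as arguments. Interface names eth0 (internal) and eth1 (public) are
# assumed; the SSH admin source is taken to be the whole 192.168.100.0/24 segment.
generate_ruleset() {
    x="$1"; y="$2"; z="$3"
    int_if="${INT_IF:-eth0}"       # assumed interface towards Internal Net
    pub_if="${PUB_IF:-eth1}"       # assumed interface towards Public Net
    int_net="10.0.${x}.0/24"
    fw_int="10.0.${x}.1"
    host10="10.0.${x}.10"
    host11="10.0.${x}.11"
    fw_pub="10.0.0.${z}"           # firewall's public address, from "Public IP: 10.0.0.z/24"
    admin_net="192.168.100.0/24"   # "192.168.100.y/24" used as a source prefix
    cat <<EOF
flush ruleset
# No nat table on purpose: traffic from/to Internal must not be NAT'ed.
table inet filter {
    # Anti-spoofing for each interface; jumped to from input and forward.
    chain antispoof {
        iifname "$int_if" ip saddr $fw_int counter log prefix "SPOOF-INT " drop
        iifname "$int_if" ip saddr != $int_net counter log prefix "SPOOF-INT " drop
        iifname "$pub_if" ip saddr $int_net counter log prefix "SPOOF-PUB " drop
        iifname "$pub_if" ip saddr $fw_pub counter log prefix "SPOOF-PUB " drop
    }
    chain input {
        type filter hook input priority 0; policy drop;
        iifname "lo" accept
        ct state invalid counter log prefix "DROP-INVALID " drop
        jump antispoof
        # "No handling" of multicast/broadcast: dropped, and logged like every other drop.
        meta pkttype { broadcast, multicast } counter log prefix "DROP-BCAST " drop
        ct state { established, related } accept
        # ICMP errors that belong to a tracked connection (already matched by related; kept explicit).
        icmp type { destination-unreachable, time-exceeded, parameter-problem } ct state related accept
        # SSH to the firewall itself, only from the admin segment, stateful.
        iifname "$pub_if" ip saddr $admin_net ip daddr $fw_pub tcp dport 22 ct state new accept
        # Stateful ping to the firewall; the reply matches established.
        icmp type echo-request ct state new accept
        counter log prefix "DROP-INPUT " drop
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state invalid counter log prefix "DROP-INVALID " drop
        jump antispoof
        meta pkttype { broadcast, multicast } counter log prefix "DROP-BCAST " drop
        ct state { established, related } accept
        # Internal hosts may initiate anything towards Public.
        iifname "$int_if" oifname "$pub_if" ip saddr $int_net ct state new accept
        # Host10: SSH and HTTP from any public address; echo-request is a reading of the policy.
        iifname "$pub_if" oifname "$int_if" ip daddr $host10 tcp dport { 22, 80 } ct state new accept
        iifname "$pub_if" oifname "$int_if" ip daddr $host10 icmp type echo-request ct state new accept
        # Host11 ($host11): no rule, so anything new from Public falls through to the logged drop.
        counter log prefix "DROP-FORWARD " drop
    }
    chain output {
        type filter hook output priority 0; policy drop;
        oifname "lo" accept
        ct state { established, related } accept
        # ICMP errors and pings are the only new traffic the firewall itself may originate.
        icmp type { destination-unreachable, time-exceeded, parameter-problem } accept
        icmp type echo-request ct state new accept
        counter log prefix "DROP-OUTPUT " drop
    }
}
EOF
}

# Conntrack sizing for "~64k connections"; 65536 is the assumed target value.
conntrack_sysctl() {
    printf 'net.netfilter.nf_conntrack_max = 65536\n'
}

# Usage: generate_ruleset 1 7 5 > firewall.nft && nft -c -f firewall.nft   (-c only checks syntax)
#        conntrack_sysctl > /etc/sysctl.d/90-conntrack.conf
```

Every hook chain ends in an explicit `counter log ... drop` because `policy drop` alone drops silently, and `ct state invalid` is dropped before anything else so out-of-window packets never reach an accept rule. Two caveats: the assignment's "log every drop" rule deliberately has no `limit rate`, so a flood of unsolicited packets also floods the log (in production you would rate-limit the log statements); and because the table is `inet` with drop policies and only IPv4 match rules, all IPv6 is dropped and logged as well.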