I have some questions regarding an access-list applied inbound to a DMZ interface.
1. If the firewall is stateful, and the NAT statements are set up correctly, then anyone from an inside interface should be able to access anything on the DMZ interface, with no access-applied, correct?
2. The access-list that only permits certain hosts on the inside interface to access the DMZ is put in place to prevent just anyone on the "inside" interface from accessing the DMZ, correct?
3. The below access-list, if it were applied inbound to the DMZ interface, goes which way?
How can you tell which direction the traffic flows by looking at the access-list?
The DMZ interface address is 192.168.100.1
Inside interface is 1
The access is:
access-list dmz permit tcp host 192.168.100.5 host 10.1.10.15 eq 2100