My current config has NO access-lists or access-groups. Client machines have no internet - expected.
If I add the following lines...... access-list INBOUND permit icmp any any access-list INBOUND deny tcp any any access-list INBOUND deny ip any any access-group INBOUND in interface outside
.... then my client machines suddenly have icmp out (expected), but they also have http/dns/smtp (ie ALL) out.
What access rules can I add, so that clients have icmp out, but nothing else?
Thanks Nick