1.3.2 Examine firewall and router configurations to verify that inbound Internet traffic is limited to IP addresses within the DMZ.
This functionality is intended to prevent malicious individuals from accessing the organization’s internal network from the Internet, or from using services, protocols, or ports in an unauthorized manner.