1.3.2 Limit inbound Internet traffic to IP addresses within the DMZ.
1.3.2 Examine firewall and router configurations to verify that
inbound Internet traffic is limited to IP addresses within the
DMZ.
This functionality is intended to prevent malicious
individuals from accessing the organization’s
internal network from the Internet, or from using
services, protocols, or ports in an unauthorized
manner.