[PCI DSS 3.0] 1.3.3 Do not allow any direct connections inbound or outbound for traffic between the Internet and t

1.3.3 Do not allow any direct
connections inbound or outbound for
traffic between the Internet and the
cardholder data environment.

1.3.3 Examine firewall and router configurations to verify direct
connections inbound or outbound are not allowed for traffic
between the Internet and the cardholder data environment.

Examination of all inbound and outbound
connections allows for inspection and restriction of
traffic based on the source and/or destination
address, as well as inspection and blocking of
unwanted content, thus preventing unfiltered
access between untrusted and trusted
environments. This helps prevent, for example,
malicious individuals from sending data they’ve
obtained from within your network out to an
external untrusted server in an untrusted network.