I need to set up an interface that will allow me to have equipment that cannot initiate connections into the network but that can respond to connections from that network. Basically, anything with a 192.168.x.x address will be considered DMX while anything with a 10.x.x.x address will be considered LAN. the LAN should have access to start conversations with the DMZ but the DMZ should not be able to start conversations with the LAN. Both networks will utilize the same Internet connection and where will be no port forwards since the public Internet is not allowed to talk directly with the DMZ. The DMZ in this instance is simply devices that are not to completely trusted. In an IPTABLES world, I would simply permit "RELATED,ESTABLISHED" and block everything else from DMZ to LAN. How do I accomplish something similar with Untangle?