in what interface should i put pass in and pass out?

Hey all,

I have read the basic docs and faq for the ip filter but i wasn't able to
figure out an answer for the following two.. Anyone to help me?

1) does a "block all" cover me from block in all and block out all? is in
and out mandatory or optional using the ipfilter?

2) i am trying to use ipfilter in a linux machine with two interfaces. lets
say that eth1 is going to the Internet and eth0 to my local lan. I am
thinking to put some rules on my eth1 with the pass in command so that i can
block/allow requests from clients to my server inside the lan. where should
i put the rules for server's reply to the clients? Would it be better to use
a pass in rule to my eth0 interface or a pass out rule to my eth1 interface
and why?

a little sketch would be like this


server----------eth0[ipfilter]eth1--------[router]-----internet..

Many many thanks!
Tim

ps. when i pass in a packet from the eth1 should i explicitly pass it out on
the eth0 so that it will be forwarded to my lan? this qestions also applies
the other way arount...

__________________________________________________ _______________
Don't just search. Find. Check out the new MSN Search!
http://search.msn.com/