null0 dev
NIC1     <--- ping
         |----drop

         |----respond if from trusted network

NIC2  (normal to the public)  (protected)


----------|----->|---------(Server)
           |       |
           |   X  |----------(domestic network)