 From:  Scott Ullrich <sullrich at gmail dot com>
 To:  marijan <mjakara at xnet dot hr>
 Cc:  Monowall Develop <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall-dev] why only 'IN' firewall rules?
 Date:  Thu, 31 Mar 2005 14:16:32 -0500
On Thu, 31 Mar 2005 21:05:19 +0200, marijan <mjakara at xnet dot hr> wrote:
> Because I have 4 LAN interfaces and have some users on all these
> interfaces (subnets) and some users on another routed network, and they
> all go out through the WAN interface.
> I want to let out only some computers (users), and want them to be able
> to go to the Internet while all other computers cannot.

Allow the routed hosts to talk with an allow rule, and then follow up
with blocking rules to keep the hosts that you do not wish to allow off
the internet.

I.e., add some rules similar to:

     Proto  Source            Port  Destination      Port  Description
  A  *      192.168.1.0/24    *     192.168.2.0/24   *     Allow routed subnet
  D  *      192.168.2.24/32   *     *                *     Deny 2.24 to internet.

This will pass routed traffic between the subnets, and then if the host
(2.24) wishes to talk to the internet it will be blocked.

Regards,

Scott
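As an added illustration (not part of the thread or of m0n0wall's own code), the two rules above run through a small first-match evaluator: m0n0wall applies the first rule that matches a packet, so it is worth checking what each host-to-host combination hits, including that a destination of "*" also covers internal destinations. Protocol and port are ignored because both rules use "*" for them, and the default action when no rule matches is an assumption here.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# A wildcard ("*") source or destination matches any address.
ANY = None


@dataclass
class Rule:
    action: str                                  # "pass" or "block"
    src: Optional[ipaddress.IPv4Network]         # None means "*"
    dst: Optional[ipaddress.IPv4Network]
    description: str


def net(text: str) -> Optional[ipaddress.IPv4Network]:
    """Parse a rule column: '*' -> ANY, otherwise a CIDR network."""
    return ANY if text == "*" else ipaddress.ip_network(text, strict=False)


# The two rules from the mail, in the order given (order matters: first match wins).
RULES = [
    Rule("pass", net("192.168.1.0/24"), net("192.168.2.0/24"), "Allow routed subnet"),
    Rule("block", net("192.168.2.24/32"), net("*"), "Deny 2.24 to internet"),
]


def matches(rule: Rule, src: ipaddress.IPv4Address, dst: ipaddress.IPv4Address) -> bool:
    src_ok = rule.src is ANY or src in rule.src
    dst_ok = rule.dst is ANY or dst in rule.dst
    return src_ok and dst_ok


def evaluate(rules, src: str, dst: str, default: str = "block"):
    """Return (action, description) of the first matching rule.

    `default` is an assumption for this example; it is what applies when
    no rule in the list matches the packet.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if matches(rule, s, d):
            return rule.action, rule.description
    return default, "no rule matched (assumed default)"


if __name__ == "__main__":
    # Constructed sample flows; 203.0.113.5 stands in for "the internet".
    for src, dst in [("192.168.1.10", "192.168.2.24"),
                     ("192.168.2.24", "203.0.113.5"),
                     ("192.168.2.24", "192.168.1.10")]:
        print(src, "->", dst, evaluate(RULES, src, dst))
```

The third flow shows the caveat: because rule D's destination is "*", 2.24 is denied to 192.168.1.0/24 as well, not only to the internet.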