On 16.11.2004 10:09 -0600, Dub Dublin wrote:
> Well, I've found a definite bug in m0n0wall itself, but working
No, you haven't (yet). ;)
> <type>pass</type> **NOTE THIS LINE IS MISSING IN ABOVE
This is for historical reasons. Before pb19, you could only define
pass rules, and any packet that didn't match a pass rule was blocked.
This is still the recommended way of writing filter rulesets (not
only with m0n0wall) - default-to-deny. Unfortunately, since the rule
language isn't 100% flexible, deny/block rules sometimes have to be
used to avoid having to create large numbers of similar pass rules.
For this reason, rules without a "type" are treated as pass rules,
and I can't see a problem with it. Again, if at all possible, use
pass rules only - any decent book on packet filtering will tell you
> but the firewall will still not answer for the Inbound NAT services
> on the WAN port, even after this is fixed.
...which means your problem is somewhere else.
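
The defaulting behaviour described in the reply above, as an added example that is not part of the original message or of m0n0wall's code: a small audit that normalises a rule with no `<type>` to pass, lists the rules that rely on that default, and evaluates packets default-to-deny. Only `<type>` comes from the thread; the other element names, the `<filter>`/`<rule>` layout, first-match evaluation and the sample rules are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Only <type> appears in the original message; the other
# element names and the <filter>/<rule> layout are assumptions for illustration.
SAMPLE = """
<filter>
  <rule><type>block</type><interface>wan</interface><protocol>tcp</protocol><port>23</port></rule>
  <rule><interface>wan</interface><protocol>tcp</protocol><port>80</port></rule>
  <rule><type>pass</type><interface>wan</interface><protocol>tcp</protocol><port>443</port></rule>
</filter>
"""

def load_rules(xml_text):
    """Return rule dicts; a rule with no <type> is normalised to 'pass'."""
    rules = []
    for idx, node in enumerate(ET.fromstring(xml_text).iter("rule"), start=1):
        rule = {child.tag: (child.text or "").strip() for child in node}
        rule["index"] = idx
        # Missing <type> (or an empty one, an assumption of this sketch)
        # means the rule is treated as a pass rule.
        rule["implicit_type"] = not rule.get("type")
        rule["type"] = rule.get("type") or "pass"
        rules.append(rule)
    return rules

def implicit_pass_rules(rules):
    """Indexes of rules that pass traffic only because <type> was left out."""
    return [r["index"] for r in rules if r["implicit_type"]]

def decide(rules, interface, protocol, port):
    """First matching rule wins (assumed); a packet matching no rule is blocked."""
    wanted = (interface, protocol, str(port))
    for r in rules:
        if (r.get("interface"), r.get("protocol"), r.get("port")) == wanted:
            return r["type"]
    return "block"  # default-to-deny

if __name__ == "__main__":
    rules = load_rules(SAMPLE)
    print("rules relying on the implicit pass default:", implicit_pass_rules(rules))
    for port in (23, 80, 443, 22):
        print(port, decide(rules, "wan", "tcp", port))
```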