 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Dub Dublin <dub at infowave dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Bug Report: Inbound NAT automatic rule creation
 Date:  Tue, 16 Nov 2004 19:38:53 +0100
On 16.11.2004 10:09 -0600, Dub Dublin wrote:

> Well, I've found a definite bug in m0n0wall itself, but working

No, you haven't (yet). ;)

>             <type>pass</type>  **NOTE THIS LINE IS MISSING IN ABOVE

This is for historical reasons. Before pb19, you could only define
pass rules, and any packet that didn't match a pass rule was blocked.
This is still the recommended way of writing filter rulesets (not
only with m0n0wall) - default-to-deny. Unfortunately, since the rule
language isn't 100% flexible, deny/block rules sometimes have to be
used to avoid having to create large numbers of similar pass rules.

For this reason, rules without a "type" are treated as pass rules,
and I can't see a problem with it. Again, if at all possible, use
pass rules only - any decent book on packet filtering will tell you

> but the firewall will still not answer for the Inbound NAT services
> on the WAN port, even after this is fixed.

...which means your problem is somewhere else.

- Manuel
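The legacy default Manuel describes (a rule with no "type" element is treated as a pass rule, and anything no pass rule matches is blocked) as an added example, not m0n0wall code: it parses a constructed config fragment, normalises the missing type, evaluates a packet and lints the ruleset for reliance on the implicit type. The element names other than <type>, and first-match evaluation, are assumptions for this example.

```python
import xml.etree.ElementTree as ET

# Constructed m0n0wall-style <filter> fragment (not a real config.xml).
# The second rule omits <type>, which m0n0wall treats as a pass rule.
# Element names other than <type> are assumptions for this example.
SAMPLE_RULES = """
<filter>
  <rule>
    <type>pass</type><interface>wan</interface><protocol>tcp</protocol>
    <destination><port>80</port></destination>
  </rule>
  <rule>
    <interface>wan</interface><protocol>tcp</protocol>
    <destination><port>443</port></destination>
  </rule>
  <rule>
    <type>block</type><interface>lan</interface><protocol>tcp</protocol>
    <destination><port>25</port></destination>
  </rule>
</filter>
"""

def load_rules(xml_text):
    """Parse <rule> elements; a missing <type> is normalised to 'pass'."""
    rules = []
    for r in ET.fromstring(xml_text.strip()).findall("rule"):
        rules.append({
            "type": r.findtext("type") or "pass",
            "interface": r.findtext("interface"),
            "protocol": r.findtext("protocol"),
            "port": r.findtext("destination/port"),
            "implicit_type": r.find("type") is None,  # relied on the default
        })
    return rules

def evaluate(rules, interface, protocol, port):
    """First matching rule decides (assumed); no match means block (default-to-deny)."""
    for r in rules:
        if (r["interface"], r["protocol"], r["port"]) == (interface, protocol, str(port)):
            return r["type"]
    return "block"

def lint(rules):
    """Flag rules that rely on the implicit type and explicit block rules."""
    findings = []
    for i, r in enumerate(rules):
        if r["implicit_type"]:
            findings.append(f"rule {i}: no <type>, treated as pass")
        if r["type"] == "block":
            findings.append(f"rule {i}: block rule; prefer pass-only rulesets")
    return findings
```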