Christoph Gysin wrote:
>> I just updated this FAQ.
>> The example shown will only work if you have a static public IP. I'm
>> looking for a sanity check. If your WAN is DHCP, you'll have to set
>> the destination to any, right?
> But this is not what you want. If you set destination to any, you will
> allow all https-traffic to all your hosts on the LAN.
That would only apply if you have some hosts which are behind m0n0wall
but aren't using NAT, wouldn't it? -- As long as all your hosts are
behind NAT the packet would get through the firewall, hit the NAT table
and it wouldn't go any farther than that.
However, you could also create a "Deny from world-to-LAN" followed by a
"Allow all from world to any" (in both cases on the appropriate port); I
suspect that would work too.
They call it "PMS" because "Mad Cow Disease" was already taken