SV: [m0n0wall] unable to block LAN from OPT1

From:	"Ulrik Lunddahl" <ul at proconsult dot dk>
To:	"James W. McKeand" <james at mckeand dot biz>, <m0n0wall at lists dot m0n0 dot ch>
Subject:	SV: [m0n0wall] unable to block LAN from OPT1
Date:	Thu, 16 Dec 2004 20:23:36 +0100

James W. McKeand wrote:

> If my assumption about the Alias is true. You could also go the other
direction and assign
> a /23 subnet to the network alias. Then you could still use a /24 on
the PROJ# subnets.

I think you are right here, but i wanted this:

1. Allow LAN -> WAN
2. Allow OPT1 -> WAN
3. Allow OPT2 -> WAN
4. Deny all

As i can see your solution allows trafic between OPT1 and OPT2, right ?

I can make a rule like Allow * * from LAN to OPT1, but why can't i make
an Allow * * from LAN to WAN ? Is there any technical reason for this ?

Best regards
Ulrik Lunddahl