Frederick Page wrote on 17 December 2004:
>WAN : static IP
Addition: this is a /30 IP-address (netmask 255.255.255.252)
>LAN : 192.168.100.100/24
>Now I insert one single rule on OPT1:
>Action: Pass, Interface: OPT1, Protocol: AH, Source: any,
>Destination: NOT LAN subnet
Also tried creating an Alias (Firewall, Alias), changed the OPT1 rule
to "not: single network or alias" and put in the alias-name: same
effect, after applying this single rule, I can ICMP, TCP, etc. the
However: on the LAN-interface everything works as expected, I edited
the default-rule at the bottom (pass everything else) to "not OPT1"
and success: I cannot even ping the client on OPT1.
I just wish I could do the same on OPT1: forbid traffic to LAN.
Kind regards Frederick