 From:  Frederick Page <fpage at thebetteros dot oche dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Confirmed: bug in firewall on OPT1
 Date:  Fri, 17 Dec 2004 21:27:52 +0100

Frederick Page wrote on 17 December 2004:

>WAN : static IP

Addition: this is a /30 IP-address (netmask 255.255.255.252)

>LAN : 192.168.100.100/24
>OPT1: 192.168.101.100/24

>Now I insert one single rule on OPT1:
>
>Action: Pass, Interface: OPT1, Protocol: AH, Source: any,
>Destination: NOT LAN subnet

Also tried creating an Alias (Firewall, Alias), changed the OPT1 rule
to "not: single network or alias" and put in the alias-name: same
effect, after applying this single rule, I can ICMP, TCP, etc. the
LAN.

However: on the LAN-interface everything works as expected, I edited
the default-rule at the bottom (pass everything else) to "not OPT1"
and success: I cannot even ping the client on OPT1.

I just wish I could do the same on OPT1: forbid traffic to LAN.

Kind regards Frederick