[ previous ] [ next ] [ threads ]
 
 From:  Frederick Page <fpage at thebetteros dot oche dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: SV: [m0n0wall] unable to block LAN from OPT1
 Date:  Fri, 17 Dec 2004 21:34:37 +0100
Hallo Ulrik,

Ulrik Lunddahl schrieb am 16. December 2004:

>I think you are right here, but i wanted this:
>
>1. Allow LAN -> WAN
>2. Allow OPT1 -> WAN
>3. Allow OPT2 -> WAN
>4. Deny all

Same here, only less complicated:

1. Allow LAN  -> WAN (works, I just said "! OPT1" in the default-rule)
2. Allow OPT1 -> WAN (does NOT work, it can always access LAN, despite
                     explicit setting "! LAN")

>I can make a rule like Allow * * from LAN to OPT1

Yeah, but the opposite does NOT work (Allow * * from OPT1 to ! LAN)

>but why can't i make an Allow * * from LAN to WAN ? Is there any
>technical reason for this ?

I was wondering myself, maybe such a possibility would overcome my
current problem?

Kind regards Frederick