 From:  Will Dyson <will dot dyson at gmail dot com>
 To:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] missing rule option... destination: WAN
 Date:  Tue, 8 Feb 2005 19:36:30 -0500
On Tue, 8 Feb 2005 00:16:56 -0500, Chris Buechler <cbuechler at gmail dot com> wrote:

> > I have only one subnet that I want to limit to WAN access only, but
> > I've wondered the same thing. It would certainly be a more intuitive
> > way to set it up.
> >
> To answer this portion, it's that the WAN isn't the destination, the
> destination would be any IP except those on local networks.  Since
> m0n0wall doesn't necessarily know what all networks are local, you
> can't automatically define what isn't local in a firewall rule.

Ah, I see. I'm more familiar with Linux's netfilter, which would allow
that (it can drop the packet after the routing decision has been made
to send it to the WAN interface).

Anyway, thanks for the answer. 

Will Dyson
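
The difference discussed in this thread, as an added Python sketch that is not part of the original messages: a "WAN only" policy written against destination addresses has to list every local network, while a match on the egress interface chosen by the routing decision does not. The topology, interface names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample routing table (assumption, not from the thread):
# (prefix, egress interface)
ROUTES = [
    ("192.168.1.0/24", "lan"),
    ("192.168.2.0/24", "opt1"),
    ("10.8.0.0/24", "opt2"),   # local network added after the rules were written
    ("0.0.0.0/0", "wan"),      # default route
]

# Local networks the rule author knew about when writing the address rules.
KNOWN_LOCAL = ["192.168.1.0/24", "192.168.2.0/24"]


def egress_interface(dst):
    """Routing decision: longest-prefix match over ROUTES."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), ifc) for p, ifc in ROUTES
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def address_policy(dst, known_local=KNOWN_LOCAL):
    """Destination-address rules: block each listed local net, then pass any."""
    addr = ipaddress.ip_address(dst)
    for net in known_local:
        if addr in ipaddress.ip_network(net):
            return "block"
    return "pass"


def interface_policy(dst):
    """Egress-interface rule: pass only traffic that routing sends out the WAN."""
    return "pass" if egress_interface(dst) == "wan" else "block"


def compare(dst):
    """Return (address-based verdict, interface-based verdict) for one destination."""
    return address_policy(dst), interface_policy(dst)


if __name__ == "__main__":
    for dst in ("192.168.2.10", "10.8.0.5", "203.0.113.7"):
        print(dst, compare(dst))
```

The second destination is the case to watch: the address-based rules pass traffic to a local network they were never told about, while the interface-based rule still blocks it.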