On Tue, 8 Feb 2005 00:16:56 -0500, Chris Buechler <cbuechler at gmail dot com> wrote:
> > I have only one subnet that I want to limit to WAN access only, but
> > I've wondered the same thing. It would certainly be a more intuitive
> > way to set it up.
> To answer this portion, it's that the WAN isn't the destination, the
> destination would be any IP except those on local networks. Since
> m0n0wall doesn't necessarily know what all networks are local, you
> can't automatically define what isn't local in a firewall rule.
Ah, I see. I'm more familiar with Linux's netfilter, which would allow
that (it can drop the packet after the routing decision has been made
to send it to the WAN interface).
Anyway, thanks for the answer.
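
Added example (not part of the original message, and not m0n0wall or netfilter code): a simplified Python model of the difference discussed in this thread, comparing a rule keyed on destination address with a rule that matches the outgoing interface after the routing decision. The addresses, interface names, and the unlisted 10.20.0.0/16 network are constructed assumptions.

```python
import ipaddress as ip

# Constructed routing table for the firewall: (prefix, outgoing interface).
# 10.20.0.0/16 is a hypothetical internal network behind a router on the LAN.
ROUTES = [
    (ip.ip_network("192.168.1.0/24"), "lan"),
    (ip.ip_network("192.168.2.0/24"), "opt1"),
    (ip.ip_network("10.20.0.0/16"), "lan"),
    (ip.ip_network("0.0.0.0/0"), "wan"),
]
RESTRICTED = ip.ip_network("192.168.2.0/24")  # subnet limited to WAN access
# Local networks the administrator remembered to list in the address rule.
LISTED_LOCAL = [ip.ip_network("192.168.1.0/24")]


def route(dst):
    """Longest-prefix match: return the interface the packet would leave on."""
    addr = ip.ip_address(dst)
    matches = [(net, ifc) for net, ifc in ROUTES if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def address_rule(src, dst):
    """Destination-address rule: block listed local nets, pass everything else."""
    if ip.ip_address(src) not in RESTRICTED:
        return "pass"
    if any(ip.ip_address(dst) in net for net in LISTED_LOCAL):
        return "block"
    return "pass"


def interface_rule(src, dst):
    """Post-routing rule: pass only if the routing decision picked the WAN."""
    if ip.ip_address(src) not in RESTRICTED:
        return "pass"
    return "pass" if route(dst) == "wan" else "block"


def compare(src, dsts):
    """Return {dst: (address_rule verdict, interface_rule verdict)}."""
    return {d: (address_rule(src, d), interface_rule(src, d)) for d in dsts}


if __name__ == "__main__":
    sample = ["192.168.1.10", "10.20.3.4", "203.0.113.9"]  # constructed
    for dst, verdicts in compare("192.168.2.50", sample).items():
        print(dst, verdicts)
```

The second destination is the case the thread turns on: the address rule passes it because the network was never listed, while the interface rule blocks it without needing a list of local networks.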