[ previous ] [ next ] [ threads ]
 
 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  Dave Warren <maillist at devilsplayground dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Block private networks
 Date:  Sun, 6 Mar 2005 15:20:52 -0500
On Sat, 05 Mar 2005 01:26:45 -0700, Dave Warren
<maillist at devilsplayground dot net> wrote:
> Question about the "block private networks" setting.  What exactly does
> this do in terms of the firewall rules it creates?
> 
> The reason I ask, I've noticed that even with this option enabled I can
> access a web server at http://192.168.100.1/ -- The webserver is part of
> the SURFboard modem I'm using, so it's existence isn't unwanted, but it
> made me curious why this works.
> 
> I'm guessing that the rule that allows stateful connections is above the
> rule which blocks traffic from private networks, and that there is
> nothing similar blocking outbound traffic.
> 

Any rules on the WAN side don't affect outbound connections because
the return traffic will be permitted by the state table.  Block
private networks drops inbound traffic to m0n0wall's WAN side
initiated from RFC 1918 nets.

-Chris