 From:  Chris Buechler <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] One-way VPN?
 Date:  Thu, 17 Mar 2005 23:19:05 -0500
On Thu, 17 Mar 2005 12:57:07 -0000, Richard Parvass
<Richard dot Parvass at aaland dot co dot uk> wrote:
> I've got two m0n0walls VPN-connected. Is it possible to stop one m0n0
> from initiating a connection? I've been thinking hard over this one, but
> can't see how to achieve it, and haven't found suitable keywords that
> produce an answer from the archives.
> 

Yes.  If site A is 192.168.1.0/24 and you don't want site B to be able
to initiate connections to site A, put in a rule on the LAN interface
at site A denying traffic from any to 192.168.1.0/24.  Replies to
traffic initiated by site A will be let through by existing state
entries.

-Chris