On 5/4/05, Robert Högberg <baggio at atari dot org> wrote:
>
> > > I've blocked traffic from 192.168.50.x (monowall 2) to 192.168.40.x
> > > (monowall 1) but monowall 2 happily ignores the rules. And yes,
> > > I am initiating traffic from behind monowall 1.
> >
> > Is the rule above the default allow all rule? You have any static
> > routes on the system? (they would be unnecessary and could mess up
> > filtering)
>
> The rule is the only one in the LAN section. Yes, I have a bunch of
> static rules that need to be there because of multiple subnets.

Wait, from the sounds of the above, you put the rules on the wrong side.
Only outbound traffic destined for the opposite side gets filtered. i.e.
if you have site A with 192.168.50.0/24 and site B with 192.168.40.0/24,
to block traffic from 50.x to 40.x, you need a rule on m0n0 A to do that.

The static routes aren't necessary and can mess things up if you're
entering them for subnets that are directly connected to m0n0wall either
through VPN or any local interface.

-Chris
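A small model of the behaviour Chris describes, added here as an illustration and not code from m0n0wall or from either poster: a site-to-site flow is filtered only by the LAN rules of the site where it originates, so a block rule placed on the remote m0n0wall never matches. The site names and host addresses are constructed for the example.

```python
import ipaddress

# Constructed example: two m0n0wall sites joined by a site-to-site VPN,
# using the subnets from the thread. "monowall 1"/"monowall 2" follow the
# original poster's naming; the host addresses below are made up.
LAN_40 = ipaddress.ip_network("192.168.40.0/24")   # behind monowall 1
LAN_50 = ipaddress.ip_network("192.168.50.0/24")   # behind monowall 2

def first_match(rules, src, dst):
    """LAN-tab rules evaluated first-match; the implicit last rule is 'pass'."""
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "pass"

def evaluate_flow(src_ip, dst_ip, sites):
    """Return (filtering site, verdict) for a connection initiated by src_ip.

    Model assumption (Chris's point): only the site where the traffic
    originates filters it, on its LAN interface. The remote site's LAN
    rules never see the flow, and stateful replies are not re-filtered.
    """
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for name, (lan, rules) in sites.items():
        if src in lan:
            return name, first_match(rules, src, dst)
    raise ValueError(f"{src} is not on any site LAN")

# What the original poster did: block 50.x -> 40.x on monowall 2, then
# open a connection from behind monowall 1 (40.x).
wrong_side = {
    "monowall 1": (LAN_40, []),
    "monowall 2": (LAN_50, [("block", LAN_50, LAN_40)]),
}

# The fix: the rule belongs on the side that originates the traffic.
right_side = {
    "monowall 1": (LAN_40, [("block", LAN_40, LAN_50)]),
    "monowall 2": (LAN_50, []),
}

if __name__ == "__main__":
    # The misplaced rule is never consulted; the correctly placed one blocks.
    print(evaluate_flow("192.168.40.10", "192.168.50.20", wrong_side))  # ('monowall 1', 'pass')
    print(evaluate_flow("192.168.40.10", "192.168.50.20", right_side))  # ('monowall 1', 'block')
```

The misplaced rule does still work for connections that start on the 50.x side, which is why it can look correct in a quick test from the other direction.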