I've noticed that even with no rules to allow incoming ICMP to the LAN
interface, m0n0wall can still be pinged from the LAN side. Worse,
specifically creating a rule to deny everything not explicitly allowed
has the same result! (Yes, I remember to hit Apply after saving the
All other rules are TCP or UDP and are allowed.
block & log everything from any to any -> can STILL ping the interface
from the LAN. No fw log msg.
I have only the one block rule (I have logging enabled so I can see
what is blocked and what is not).
block log (all protocols) from any to any
block log (all icmp) from any to any
block log (all icmp incoming echo request) from any to any
Ping works in all the above cases...
- is this a default rule somewhere, and if so, what are the other
default rules? (Hope this is not the case)
- is it beta-related? (Hope so...)
This is a very simple setup:
ADSL modem -> m0n0wall -> PC
m0n0 adsl 203.x.y.z
m0n0 lan 10.a.b.c
Default allow LAN rule changed to block and log, allow rules for TCP
connections added above it, no WAN rules at all (everything blocked,
incl ICMP???? which is working according to logs...), DHCP internal
enabled, DNS forwarding enabled, SNMP enabled. Everything else off.