Hi,

I've noticed that even with no rules to allow incoming ICMP to the LAN interface, m0n0wall can still be pinged from the LAN side. Worse, specifically creating a rule to deny everything not explicitly allowed has the same result! (Yes, I remember to hit Apply after saving the rules.)

All other rules are TCP or UDP and are allowed. i.e.:

pass tcp....
pass tcp....
pass udp....
pass udp...
block & log everything from any to any

-> can STILL ping the interface from the LAN. no fw log msg.

I have only the one block rule (I have logging enabled so I can see what is blocked and what is not). I've tried:

block log (all protocols) from any to any
block log (all icmp) from any to any
block log (all icmp incoming echo request) from any to any

Ping works in all the above cases...

Just wondering:
- is this a default rule somewhere, and if so, what are the other default rules? (Hope this is not the case)
- is it beta-related? (Hope so...)

This is a very simple setup:

ADSL modem -> m0n0wall -> PC

m0n0 adsl 203.x.y.z
m0n0 lan 10.a.b.c

Default allow LAN rule changed to block and log, allow rules for TCP connections added above it, no WAN rules at all (everything blocked, incl ICMP???? which is working according to logs...), DHCP internal enabled, DNS forwarding enabled, SNMP enabled. Everything else off.

Rgds
gm