[ previous ] [ next ] [ threads ]
 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  =?WINDOWS-1252?B?lSCV?= <googl3meister at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] 1.2b7 HEADS UP- IPFilter rules won't stop ICMP on LAN interface
 Date:  Tue, 24 May 2005 21:11:54 -0400
On 5/24/05,   <googl3meister at gmail dot com> wrote:
> Hi,
> I've noticed that even with no rules to allow incoming ICMP to the LAN
> interface, m0n0wall can still be pinged from the LAN side.  Worse,
> specifically creating a rule to deny everything not explicitly allowed
> has the same result! (Yes, I remember to hit Apply after saving the
> rules.)

Yes, this is by design and has always been this way.  You can't drop
any traffic destined to the LAN IP by default, so people can't lock
themselves out of the GUI.  There's a checkbox on the Advanced page
called "Disable webGUI anti-lockout rule".  Check that, and you can
filter on the LAN IP all you want.