 
 From:  Cvetomir Conev <cvetomirconev at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] WebGUI, DNS blocking on selected interfaces
 Date:  Sat, 25 Jun 2005 22:14:10 +0300
> Sounds like you have a permit any to any rule on the OPT interface.
> The reason the block rules didn't do anything is probably because they
> came after (below) the permit rule.  Move them above, or change the
> default any to any rule, and things will work.
> 
> -Chris
> 

No, there are no rules attached to the Optional interface. The fact
that PPTP worked without them was the reason for me to do further
investigation in the first place.

I examined the output from executing "ipfstat -nfo":

...
@3 pass out quick on dc0 from 10.1.180.0/25 to 10.0.0.0/8
@4 pass out quick on dc0 from 10.0.0.0/8 to 10.1.180.0/25
...
@6 pass in quick on dc0 from 10.1.180.0/25 to 10.0.0.0/8
@7 pass in quick on dc0 from 10.0.0.0/8 to 10.1.180.0/25
...

dc0 is the optional interface and 10.0.0.0/8 catches the networks
included in the city LAN. I've set a static route to them and that
probably added those rules.

I removed the static route and the firewall entries were indeed
removed too. I guess I'm in trouble.

I'm confused, is that a bug or a feature?

-- 
My opinions may have changed, but not the fact that I am right.
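A small check, added here as example code (not from m0n0wall or the poster), that parses `ipfstat -nfo` lines like those quoted above and lists the pass rules on an interface that carry traffic between the interface subnet and a static-route destination, which is exactly the shape of the rules that appeared with the static route. The sample rule set, the 192.168.1.0/24 block rules in it, and the function names are constructed for the example.

```python
import re
from ipaddress import ip_network
from typing import Dict, List

# Constructed sample modelled on the ipfstat -nfo lines quoted in the post.
SAMPLE_IPFSTAT = """\
@1 block in quick on dc0 from 192.168.1.0/24 to any
@2 block out quick on dc0 from any to 192.168.1.0/24
@3 pass out quick on dc0 from 10.1.180.0/25 to 10.0.0.0/8
@4 pass out quick on dc0 from 10.0.0.0/8 to 10.1.180.0/25
@5 pass in quick on dc0 from 10.1.180.0/25 to 10.1.180.0/25
@6 pass in quick on dc0 from 10.1.180.0/25 to 10.0.0.0/8
@7 pass in quick on dc0 from 10.0.0.0/8 to 10.1.180.0/25
"""

RULE_RE = re.compile(
    r"^@(?P<num>\d+)\s+(?P<action>pass|block)\s+(?P<dir>in|out)\s+"
    r"(?:quick\s+)?on\s+(?P<iface>\S+)\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)"
)

def _net(token: str):
    # ipfilter prints "any" for an unrestricted endpoint
    return ip_network("0.0.0.0/0" if token == "any" else token, strict=False)

def parse_ipfstat(text: str) -> List[Dict]:
    """Parse rule lines of ipfstat -nfo output; non-rule lines such as '...' are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rules.append({"num": int(m["num"]), "action": m["action"], "dir": m["dir"],
                          "iface": m["iface"], "src": _net(m["src"]), "dst": _net(m["dst"])})
    return rules

def route_pass_rules(rules: List[Dict], iface: str, iface_net: str, route_nets: List[str]) -> List[int]:
    """Numbers of pass rules on iface joining the interface subnet to a static-route destination.

    Rules whose both endpoints sit inside the interface subnet (e.g. @5) are not reported,
    only those reaching out to (or in from) a network that is only known via a static route."""
    lan = ip_network(iface_net)
    routes = [ip_network(n) for n in route_nets]

    def via_route(net) -> bool:
        return any(net.subnet_of(n) for n in routes) and not net.subnet_of(lan)

    hits = []
    for r in rules:
        if r["action"] != "pass" or r["iface"] != iface:
            continue
        src, dst = r["src"], r["dst"]
        if (src.subnet_of(lan) and via_route(dst)) or (dst.subnet_of(lan) and via_route(src)):
            hits.append(r["num"])
    return hits
```

Run it against the real `ipfstat -nfo` output with the interface subnet and the configured static-route destinations to see which pass rules the admin never wrote.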