 From:  Cvetomir Conev <cvetomirconev at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] WebGUI, DNS blocking on selected interfaces
 Date:  Sun, 26 Jun 2005 00:10:52 +0300
> Ok, I believe I remember what Manuel said about that now.  When you
> add a static route, it adds those rules to allow traffic in and out of
> the *same interface only*.  It's not allowing those networks to
> anything other than each other, and only on the OPT interface.
> They're added on the back end because Manuel didn't want to keep state
> on traffic passed into and out of the same interface, for performance
> reasons.
> Because your static route technically wasn't specific enough (the /8
> includes local networks that shouldn't have a static route), it falls
> into the category of things that get screwed up by that methodology.
> :)
> -Chris

The problem is that the networks referenced by the static routes are
not secure. Putting these automatic rules at the end takes away the
control from me.

I'm leaving the routes to /32 network masks for now. Are you sure it
will not add automatic rules in the newer versions?

Anyway, you helped me to resolve this problem very quickly. Thank you.
My opinions may have changed, but not the fact that I am right.