[ previous ] [ next ] [ threads ]
 
 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  Don Munyak <don dot munyak at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Bogus network filtering
 Date:  Wed, 13 Jul 2005 13:04:35 -0400
On 7/13/05, Don Munyak <don dot munyak at gmail dot com> wrote:
> 
> ?? Since m0n0wall uses the "keep state" keyword, Is there a point to
> entereing the following for the WAN FW Rules.
> 
<snip>

Yes, if you have services opened to the Internet.  If you don't have
any NAT/firewall rules allowing traffic from the Internet in, then
there is no reason to add those since everything is going to get
dropped anyway.


> 
> Assuming the answer is yes, am I correct in placing the rules ahead of
> my user defined "pass in" for WAN interface.
> 

Yes, otherwise they serve no purpose.  

-Chris