Alex Randjelovic wrote:
> Hello,
> How to deny access to monowall GUI to workstations connected to OPT1,
> but still allow them Internet access?
Short description, not in XML or GUI:
- on the GUI, only allow HTTPS access (not a must, but recommended).
- delete the fucking allow all rule(s)
- First rule on LAN allow only port 443 from the admin-PC to the LAN IP
of the firewall; apply and test
- second rule on LAN: deny everything from LAN to firewall LAN IP
- third rule on LAN: deny everything from LAN to firewall OPT1 IP; apply
and test.
- then as first rule on OPT1: deny everything from OPT1 to firewall OPT1 IP
- then second rule on OPT1: deny everything from OPT1 to firewall LAN IP
ahead of the deny-rules you can allow ping if necessary
after the deny-rules to your firewall you can do the "normal" rules
bye
Christoph
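
The rule order from the reply above, modelled as an added example that is not part of the original message. It assumes the first matching rule on an interface wins and that unmatched traffic is blocked; all addresses and the "normal" pass rules are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumptions, not from the original post)
FW_LAN, FW_OPT1 = "192.168.1.1", "192.168.2.1"
ADMIN_PC = "192.168.1.10"
ANY = "0.0.0.0/0"

# Per interface, in order: (action, source, destination, dst port or None = any)
RULES = {
    "LAN": [
        ("pass", ADMIN_PC, FW_LAN, 443),        # admin PC to the GUI over HTTPS
        ("block", ANY, FW_LAN, None),           # everything else to the LAN IP
        ("block", ANY, FW_OPT1, None),          # LAN to the firewall's OPT1 IP
        ("pass", "192.168.1.0/24", ANY, None),  # the "normal" rule (assumed)
    ],
    "OPT1": [
        ("block", ANY, FW_OPT1, None),          # OPT1 to the firewall's OPT1 IP
        ("block", ANY, FW_LAN, None),           # OPT1 to the firewall's LAN IP
        ("pass", "192.168.2.0/24", ANY, None),  # the "normal" rule (assumed)
    ],
}

# Same OPT1 list with the deny to the firewall's LAN IP left out,
# to show what the second OPT1 rule is there for.
INCOMPLETE = dict(RULES, OPT1=[RULES["OPT1"][0], RULES["OPT1"][2]])


def decide(iface, src, dst, port, rules=RULES):
    """Return the action of the first matching rule; default is block."""
    for action, r_src, r_dst, r_port in rules[iface]:
        if (ip_address(src) in ip_network(r_src)
                and ip_address(dst) in ip_network(r_dst)
                and r_port in (None, port)):
            return action
    return "block"


if __name__ == "__main__":
    opt1_host = "192.168.2.50"  # constructed workstation on OPT1
    for dst in (FW_OPT1, FW_LAN, "203.0.113.7"):
        print(dst, decide("OPT1", opt1_host, dst, 443),
              decide("OPT1", opt1_host, dst, 443, INCOMPLETE))
```

With the second OPT1 rule missing, the general pass rule lets an OPT1 workstation reach the GUI on the firewall's LAN IP, which is why both firewall addresses are denied on each interface.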