Alex Randjelovic schrieb:
> How to deny access to monowall GUI to workstations connected to OPT1,
> but still allow them Internet access?
Short description, not in XML or GUI:
- on the GUI, only allow HTTPS-access (no must but recommendable).
- delete the fucking allow all rule(s)
- First rule on LAN allow only port 443 from the admin-PC to the LAN IP
of the firewall; apply and test
- second rule on LAN: deny everything from LAN to firewall LAN IP
- third rule on LAN: deny everything from LAN to firewall OPT1 IP; apply
- then as first rule on OPT1: deny everything from OPT1 to firewall OPT1 IP
- then second rule on opt1: deny everything from OPT1 to firewall LAN IP
ahead of the deny-rules you can allow ping if nessesary
after the deny-rules to your firewall you can do the "normal" rules