 From:  "Jeff Scott" <jscott at padcomusa dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Re: m0n0 blocking outbound packets from email server?!?!
 Date:  Tue, 2 Aug 2005 12:38:55 -0400
Thanks Chris!

That cures my curiosity :-)



-----Original Message-----
From: Chris Buechler [mailto:cbuechler at gmail dot com] 
Sent: Tuesday, August 02, 2005 12:27 PM
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Re: m0n0 blocking outbound packets from email
server?!?!

On 8/2/05, Jeff Scott <jscott at padcomusa dot com> wrote:
> 
> Thanks Chris,
> 
> I did see this FAQ.  And I would understand if the packet being 
> dropped is inbound from the Internet.  But, this packet is outbound 
> from our LAN.

Others around here who are far more knowledgeable of IPfilter internals
than I, say that explanation is a cop out, there are actually bugs that
tear down sessions before they should be in some circumstances.

Regardless, it's nothing to worry about.  It isn't going to cause
problems.  


> 
> Unless what you're telling me is because the session was originally 
> initiated from the WAN, m0n0wall ignores the outbound rules and only 
> pays attention to the state table and/or NAT table?  Is that true?

It is indeed.


> If
> so, is there any documentation on the processing order of packets in 
> m0n0wall?
> 

See the raw ipfilter rules on status.php and read the ipfilter docs. 
I don't have time to look right now to refresh my memory, but basically
it only allows new connections outbound from the LAN through rules on
the back end.  Any replies will be permitted by the existing states.

-Chris
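
An added example, not part of the original messages and not ipfilter's or m0n0wall's code: a simplified Python model of the processing order described in the thread, where the state table is consulted first and rules only admit new connections. The class, rule format and addresses are constructed for illustration; it shows why a late outbound packet from the mail server is blocked once its state is gone.

```python
# Simplified model of stateful filtering (illustration only, not ipfilter code).
# All names, rules and addresses here are constructed for this example.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrives on: "wan" or "lan"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # TCP flags, e.g. "S", "SA", "FA"

def state_key(p):
    # One state entry covers both directions of a connection.
    return frozenset([(p.src, p.sport), (p.dst, p.dport)])

class StatefulFilter:
    def __init__(self, rules):
        self.rules = rules   # list of (iface, dst_port), None = any port
        self.states = set()

    def process(self, p):
        # 1. An existing state passes the packet; rules are not consulted.
        if state_key(p) in self.states:
            return "pass (state)"
        # 2. Rules only admit packets that open a connection (bare SYN).
        if p.flags == "S" and any(
            i == p.iface and port in (None, p.dport) for i, port in self.rules
        ):
            self.states.add(state_key(p))
            return "pass (rule, state created)"
        return "block"

    def expire(self, p):
        self.states.discard(state_key(p))

def demo():
    # WAN may open SMTP to the mail server; LAN may open anything outbound.
    fw = StatefulFilter([("wan", 25), ("lan", None)])
    syn = Packet("wan", "198.51.100.7", 40000, "192.168.1.10", 25, "S")
    reply = Packet("lan", "192.168.1.10", 25, "198.51.100.7", 40000, "SA")
    late = Packet("lan", "192.168.1.10", 25, "198.51.100.7", 40000, "FA")
    results = [fw.process(syn), fw.process(reply)]
    fw.expire(syn)   # state removed before the server has finished
    results.append(fw.process(late))
    return results

if __name__ == "__main__":
    print(demo())
```

The last packet is blocked even though the LAN rule allows any port, because without a state entry it is judged as a new connection and it does not carry a bare SYN.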
