|
||||||||
Thanks Chris! That cures my curiosity :-) -----Original Message----- From: Chris Buechler [mailto:cbuechler at gmail dot com] Sent: Tuesday, August 02, 2005 12:27 PM Cc: m0n0wall at lists dot m0n0 dot ch Subject: Re: [m0n0wall] Re: m0n0 blocking outbound packets from email server?!?! On 8/2/05, Jeff Scott <jscott at padcomusa dot com> wrote: > > Thanks Chris, > > I did see this FAQ. And I would understand if the packet being > dropped is inbound from the Internet. But, this packet is outbound > from our LAN. Others around here who are far more knowledgable of IPfilter internals than I, say that explanation is a cop out, there are actually bugs that tear down sessions before they should be in some circumstances. Regardless, it's nothing to worry about. It isn't going to cause problems. > > Unless what your telling me is because the session was originally > initiated from the WAN, m0n0wall ignores the outbound rules and only > pays attention to the state table and/or NAT table? Is that true? it is indeed. > If > so, is there any documentation on the processing order of packets in > m0nowall? > see the raw ipfilter rules on status.php and read the ipfilter docs. I don't have time to look right now to refresh my memory, but basically it only allows new connections outbound from the LAN through rules on the back end. Any replies will be permitted by the existing states. -Chris --------------------------------------------------------------------- To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch |