 From:  Falcor <falcor at netassassin dot com>
 To:  Alan Horn <ahorn at deorth dot org>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] keep state question.
 Date:  Fri, 02 Jan 2004 01:41:10 -0600
In/Out are determined by the source and destination that you place in 
the rule.  E.g.:
Prot: * | Source LAN net | Destination * | Port 21 and an action "Block" 
would block outbound FTP traffic (port 21 traffic of any sort actually) 
from the LAN network that you specified in the Interface setup to all 
networks the firewall/router is connected to.

By default install, all LAN traffic to any host on any port is allowed, 
and all inbound is denied/blocked.

You would need to create allow rules for the PPTP network, OPT1 network, 
WiFi network(s) as well as any inbound rules you want or outbound 
blocking rules.  If you want to limit what your LAN users can access on 
the internet it is better to start with no rules (an implicit deny all 
basically) and simply add rules allowing them to do each specific thing. 
I do that at work, but at home... hey, I allow myself to go everywhere...

Alan Horn wrote:

>How does one put in the ipfilter keywords 'keep state' with m0n0wall ?
>Also, all rules seem to be of the type 'pass in', is there an implicit
>'pass out any' type rule on all interfaces ?