 
 From:  Alan Horn <ahorn at deorth dot org>
 To:  Falcor <falcor at netassassin dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] keep state question.
 Date:  Fri, 2 Jan 2004 00:05:31 -0800 (PST)
Ok.
For example then, how would I duplicate the following ipfilter rules in
m0n0wall?

pass in quick on rtk0 proto icmp from any to any keep state
pass out on rtk0 proto udp from any to any keep state
pass out on rtk0 proto icmp from any to any keep state

rtk0 in this context is my 'wan' interface.


On Fri, 2 Jan 2004, Falcor wrote:

>Date: Fri, 02 Jan 2004 01:41:10 -0600
>From: Falcor <falcor at netassassin dot com>
>To: Alan Horn <ahorn at deorth dot org>
>Cc: m0n0wall at lists dot m0n0 dot ch
>Subject: Re: [m0n0wall] keep state question.
>
>In/Out are determined by the source and destination that you place in
>the rule.  E.g.:
>Prot: * | Source: LAN net | Destination: * | Port: 21  and an action "Block"
>would block outbound FTP traffic (port 21 traffic of any sort, actually)
>from the LAN network that you specified in the Interface setup to all
>networks the firewall/router is connected to.
>
>In a default install, all LAN traffic to any host on any port is allowed,
>and all inbound is denied/blocked.
>
>You would need to create allow rules for the PPTP network, OPT1 network,
>WiFi network(s) as well as any inbound rules you want or outbound
>blocking rules.  If you want to limit what your LAN users can access on
>the internet it is better to start with no rules (an implicit deny all
>basically) and simply add rules allowing them to do each specific thing.
> I do that at work, but at home.. hey I allow myself to go everywhere...
>
>Alan Horn wrote:
>
>>How does one put in the ipfilter keywords 'keep state' with m0n0wall ?
>>
>>Also, all rules seem to be of the type 'pass in', is there an implicit
>>'pass out any' type rule on all interfaces ?
>>
>>Cheers,
>>
>>Al
>>
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>
>>
>>
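A small illustration added here (not part of the thread or of m0n0wall's own code): a parser for the ipfilter rule subset quoted in the question above, plus an evaluator implementing ipfilter's matching order, where the last matching rule wins unless a matching rule carries `quick`, which stops evaluation immediately. The sample rules are the three from the question; address matching is limited to `any` or an exact string, and port clauses are rejected as unsupported.

```python
import re
from collections import namedtuple

# Constructed input: the three ipfilter rules quoted in the question above.
RULES_TEXT = """\
pass in quick on rtk0 proto icmp from any to any keep state
pass out on rtk0 proto udp from any to any keep state
pass out on rtk0 proto icmp from any to any keep state
"""

# Supported grammar: action, direction, optional 'quick', interface, optional
# 'proto', 'from X to Y', optional 'keep state'. Port clauses are rejected.
RULE_RE = re.compile(
    r"^(?P<action>pass|block)\s+(?P<dir>in|out)(?P<quick>\s+quick)?"
    r"\s+on\s+(?P<iface>\S+)(?:\s+proto\s+(?P<proto>\S+))?"
    r"\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)(?P<state>\s+keep\s+state)?\s*$"
)

# Parsed rule; keep_state is True only when 'keep state' is present.
Rule = namedtuple("Rule", "action direction quick iface proto src dst keep_state")

def parse_rules(text):
    """Parse one rule per line; reject anything outside the supported subset."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: unsupported rule syntax: {line!r}")
        rules.append(Rule(m["action"], m["dir"], bool(m["quick"]), m["iface"],
                          m["proto"], m["src"], m["dst"], bool(m["state"])))
    return rules

def evaluate(rules, direction, iface, proto, src, dst):
    """ipfilter order: the *last* matching rule wins, unless a matching rule is
    'quick', which ends evaluation at once. Returns None if nothing matched."""
    winner = None
    for r in rules:
        if ((r.direction, r.iface) != (direction, iface)
                or r.proto not in (None, proto)
                or r.src not in ("any", src) or r.dst not in ("any", dst)):
            continue
        winner = r
        if r.quick:
            break
    return winner
```

Running the evaluator with a non-quick `block` rule placed before a `pass` rule shows why ipfilter rule order must be reconsidered when moving to a first-match rule set.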