Forgot to include important data.
Here's the output from my status.php.
Passwords + certificates removed and a bit shorter.
Also I've been reading on and found not much more on why this happens.
The rules on the interfaces are to allow ALL (for the sake of testing).
-- Jeroen Visser.
-----[snip]-----
Routing tables
Internet:
Destination      Gateway            Flags  Refs  Use       Netif  Expire
default          169.254.0.1        UGSc   1     98539589  fxp0
10.11.23/24      169.254.0.1        UGSc   0     448124    fxp0
10.128/16        145.7.88.133       UGSc   2     1439878   fxp4
10.194/16        145.7.88.185       UGSc   0     270894    fxp3
127.0.0.1        127.0.0.1          UH     0     149040    lo0
145.7.88.132/30  link#5             UC     1     0         fxp4
145.7.88.133     00:90:1a:41:2f:ab  UHLW   1     0         fxp4   484
145.7.88.184/30  link#4             UC     1     0         fxp3
145.7.88.185     00:90:1a:41:2f:ab  UHLW   1     0         fxp3   484
169.254/30       link#1             UC     1     0         fxp0
169.254.0.1      00:0e:0c:83:07:45  UHLW   8     576       fxp0   200
172.15/24        169.254.0.1        UGSc   0     293760    fxp0
172.16           169.254.0.1        UGSc   3     47935     fxp0
172.216/22       link#3             UC     13    0         fxp2
172.216.1.1      00:08:02:20:ef:c7  UHLW   0     1209924   fxp2   743
172.216.1.2      00:0b:cd:6a:d3:47  UHLW   0     319596    fxp2   1185
172.216.1.3      00:0b:cd:24:28:a9  UHLW   0     927007    fxp2   1151
172.216.1.4      00:0b:cd:22:b1:ec  UHLW   0     1607      fxp2   1181
172.216.1.5      00:30:6e:1d:74:46  UHLW   0     96882     fxp2   1199
172.216.1.6      00:0b:cd:24:2b:60  UHLW   0     745672    fxp2   1197
172.216.1.7      00:02:a5:68:11:c7  UHLW   0     630795    fxp2   983
172.216.1.8      00:0b:cd:0c:55:51  UHLW   0     613393    fxp2   1199
172.216.1.9      00:0b:cd:6a:da:25  UHLW   0     292859    fxp2   1099
172.216.1.10     00:02:a5:51:2c:50  UHLW   0     147       fxp2   245
172.216.3.55     00:02:a5:ad:09:df  UHLW   0     141       fxp2   622
172.216.3.70     00:02:a5:8f:92:46  UHLW   0     62082     fxp2   721
172.216.3.71     00:08:02:15:62:ad  UHLW   0     278       fxp2   695
192.168.0/30     link#6             UC     1     0         fxp5
192.168.0.2      00:40:10:18:8b:fd  UHLW   0     17921     fxp5   526
ipfw show
ipfw: getsockopt(IP_FW_GET): Protocol not available
ipnat -lv
List of active MAP/Redirect filters:
List of active sessions:
List of active host mappings:
ipfstat -v
opts 0x40 name /dev/ipl
IPv6 packets: in 0 out 0
input packets: blocked 40371 passed 212278602 nomatch 0 counted 0 short 0
output packets: blocked 1305 passed 212146560 nomatch 0 counted 0 short 0
input packets logged: blocked 40180 passed 1315
output packets logged: blocked 0 passed 0
packets logged: input 0 output 0
log failures: input 0 output 0
fragment state(in): kept 13151 lost 18 not fragmented 0
fragment state(out): kept 13150 lost 19 not fragmented 0
packet state(in): kept 5587261 lost 191
packet state(out): kept 46246 lost 1305
ICMP replies: 0 TCP RSTs sent: 0
Invalid source(in): 0
Result cache hits(in): 18795813 (out): 22460886
IN Pullups succeeded: 0 failed: 0
OUT Pullups succeeded: 12809398 failed: 0
Fastroute successes: 0 failures: 0
TCP cksum fails(in): 0 (out): 0
Packet log flags set: (0)
none
ipfstat -nio
@1 pass out quick on lo0 from any to any
@2 pass out quick on fxp2 proto udp from 172.216.1.21/32 port = 67 to any port = 68
@3 pass out quick on fxp4 from 145.7.88.132/30 to 10.128.0.0/16
@4 pass out quick on fxp4 from 10.128.0.0/16 to 145.7.88.132/30
@5 pass out quick on fxp3 from 145.7.88.184/30 to 10.194.0.0/16
@6 pass out quick on fxp3 from 10.194.0.0/16 to 145.7.88.184/30
@7 pass out quick on fxp0 proto udp from any port = 68 to any port = 67
@8 pass out quick on fxp0 proto udp from 169.254.0.2/32 port = 500 to any
@9 pass out quick on fxp0 proto esp from 169.254.0.2/32 to any
@10 pass out quick on fxp0 proto ah from 169.254.0.2/32 to any
@11 pass out quick on fxp2 proto udp from 172.216.1.21/32 port = 500 to any
@12 pass out quick on fxp2 proto esp from 172.216.1.21/32 to any
@13 pass out quick on fxp2 proto ah from 172.216.1.21/32 to any
@14 pass out quick on fxp4 proto udp from 145.7.88.134/32 port = 500 to any
@15 pass out quick on fxp4 proto esp from 145.7.88.134/32 to any
@16 pass out quick on fxp4 proto ah from 145.7.88.134/32 to any
@17 pass out quick on fxp3 proto udp from 145.7.88.186/32 port = 500 to any
@18 pass out quick on fxp3 proto esp from 145.7.88.186/32 to any
@19 pass out quick on fxp3 proto ah from 145.7.88.186/32 to any
@20 pass out quick on fxp5 proto udp from 192.168.0.1/32 port = 500 to any
@21 pass out quick on fxp5 proto esp from 192.168.0.1/32 to any
@22 pass out quick on fxp5 proto ah from 192.168.0.1/32 to any
@23 pass out quick on fxp2 from any to any keep state
@24 pass out quick on fxp0 from any to any keep state
@25 pass out quick on fxp4 from any to any keep state
@26 pass out quick on fxp3 from any to any keep state
@27 pass out quick on fxp5 from any to any keep state
@28 block out log quick from any to any
@1 pass in quick on lo0 from any to any
@2 block in log quick from any to any with short
@3 block in log quick from any to any with ipopt
@4 pass in quick on fxp2 proto udp from any port = 68 to 255.255.255.255/32 port = 67
@5 pass in quick on fxp2 proto udp from any port = 68 to 172.216.1.21/32 port = 67
@6 skip 2 in on fxp4 from any to 145.7.88.134/32
@7 pass in quick on fxp4 from 145.7.88.132/30 to 10.128.0.0/16
@8 pass in quick on fxp4 from 10.128.0.0/16 to 145.7.88.132/30
@9 skip 2 in on fxp3 from any to 145.7.88.186/32
@10 pass in quick on fxp3 from 145.7.88.184/30 to 10.194.0.0/16
@11 pass in quick on fxp3 from 10.194.0.0/16 to 145.7.88.184/30
@12 block in log quick on fxp0 from 172.216.0.0/22 to any
@13 block in log quick on fxp0 from 145.7.88.132/30 to any
@14 block in log quick on fxp0 from 145.7.88.184/30 to any
@15 block in log quick on fxp0 from 192.168.0.0/30 to any
@16 block in log quick on fxp0 proto udp from any port = 67 to 172.216.0.0/22 port = 68
@17 pass in quick on fxp0 proto udp from any port = 67 to any port = 68
@18 skip 1 in on fxp2 from 172.216.0.0/22 to any
@19 block in log quick on fxp2 from any to any
@20 skip 2 in on fxp4 from 10.128.0.0/16 to any
@21 skip 1 in on fxp4 from 145.7.88.132/30 to any
@22 block in log quick on fxp4 from any to any
@23 skip 2 in on fxp3 from 10.194.0.0/16 to any
@24 skip 1 in on fxp3 from 145.7.88.184/30 to any
@25 block in log quick on fxp3 from any to any
@26 skip 1 in on fxp5 from 192.168.0.0/30 to any
@27 block in log quick on fxp5 from any to any
@28 pass in quick on fxp0 proto udp from any to 169.254.0.2/32 port = 500
@29 pass in quick on fxp0 proto esp from any to 169.254.0.2/32
@30 pass in quick on fxp0 proto ah from any to 169.254.0.2/32
@31 pass in quick on fxp2 proto udp from any to 172.216.1.21/32 port = 500
@32 pass in quick on fxp2 proto esp from any to 172.216.1.21/32
@33 pass in quick on fxp2 proto ah from any to 172.216.1.21/32
@34 pass in quick on fxp4 proto udp from any to 145.7.88.134/32 port = 500
@35 pass in quick on fxp4 proto esp from any to 145.7.88.134/32
@36 pass in quick on fxp4 proto ah from any to 145.7.88.134/32
@37 pass in quick on fxp3 proto udp from any to 145.7.88.186/32 port = 500
@38 pass in quick on fxp3 proto esp from any to 145.7.88.186/32
@39 pass in quick on fxp3 proto ah from any to 145.7.88.186/32
@40 pass in quick on fxp5 proto udp from any to 192.168.0.1/32 port = 500
@41 pass in quick on fxp5 proto esp from any to 192.168.0.1/32
@42 pass in quick on fxp5 proto ah from any to 192.168.0.1/32
@43 skip 1 in proto tcp from any to any flags S/FSRA
@44 block in log quick proto tcp from any to any
@45 block in log quick on fxp2 from any to any head 100
@1 pass in quick from 172.216.0.0/22 to 172.216.1.21/32 keep state group 100
@2 pass in quick from 172.216.0.0/22 to any keep state keep frags group 100
@3 pass in quick from any to any keep state keep frags group 100
@46 block in log quick on fxp0 from any to any head 200
@1 pass in quick proto tcp from any to any keep state keep frags group 200
@2 pass in quick from any to any keep state keep frags group 200
@47 block in log quick on fxp4 from any to any head 300
@1 pass in quick proto tcp from any to any keep state keep frags group 300
@2 pass in quick from any to any keep state keep frags group 300
@48 block in log quick on fxp3 from any to any head 400
@1 pass in quick from any to any keep state keep frags group 400
@49 block in log quick on fxp5 from any to any head 500
@1 pass in quick from any to any keep state keep frags group 500
@50 block in log quick from any to any
unparsed ipnat rules
unparsed ipfilter rules
# loopback
pass in quick on lo0 all
pass out quick on lo0 all
# block short packets
block in log quick all with short
# block IP options
block in log quick all with ipopts
# allow access to DHCP server on LAN
pass in quick on fxp2 proto udp from any port = 68 to 255.255.255.255 port = 67
pass in quick on fxp2 proto udp from any port = 68 to 172.216.1.21 port = 67
pass out quick on fxp2 proto udp from 172.216.1.21 port = 67 to any port = 68
skip 2 in on fxp4 from any to 145.7.88.134
pass in quick on fxp4 from 145.7.88.132/30 to 10.128.0.0/16
pass in quick on fxp4 from 10.128.0.0/16 to 145.7.88.132/30
pass out quick on fxp4 from 145.7.88.132/30 to 10.128.0.0/16
pass out quick on fxp4 from 10.128.0.0/16 to 145.7.88.132/30
skip 2 in on fxp3 from any to 145.7.88.186
pass in quick on fxp3 from 145.7.88.184/30 to 10.194.0.0/16
pass in quick on fxp3 from 10.194.0.0/16 to 145.7.88.184/30
pass out quick on fxp3 from 145.7.88.184/30 to 10.194.0.0/16
pass out quick on fxp3 from 10.194.0.0/16 to 145.7.88.184/30
# WAN spoof check
block in log quick on fxp0 from 172.216.0.0/22 to any
block in log quick on fxp0 from 145.7.88.132/30 to any
block in log quick on fxp0 from 145.7.88.184/30 to any
block in log quick on fxp0 from 192.168.0.0/30 to any
# allow our DHCP client out to the WAN
# XXX - should be more restrictive
# (not possible at the moment - need 'me' like in ipfw)
pass out quick on fxp0 proto udp from any port = 68 to any port = 67
block in log quick on fxp0 proto udp from any port = 67 to 172.216.0.0/22 port = 68
pass in quick on fxp0 proto udp from any port = 67 to any port = 68
# LAN/OPT spoof check (needs to be after DHCP because of broadcast addresses)
skip 1 in on fxp2 from 172.216.0.0/22 to any
block in log quick on fxp2 all
skip 2 in on fxp4 from 10.128.0.0/16 to any
skip 1 in on fxp4 from 145.7.88.132/30 to any
block in log quick on fxp4 all
skip 2 in on fxp3 from 10.194.0.0/16 to any
skip 1 in on fxp3 from 145.7.88.184/30 to any
block in log quick on fxp3 all
skip 1 in on fxp5 from 192.168.0.0/30 to any
block in log quick on fxp5 all
# Pass IKE packets
pass in quick on fxp0 proto udp from any to 169.254.0.2 port = 500
pass out quick on fxp0 proto udp from 169.254.0.2 port = 500 to any
# Pass ESP packets
pass in quick on fxp0 proto esp from any to 169.254.0.2
pass out quick on fxp0 proto esp from 169.254.0.2 to any
# Pass AH packets
pass in quick on fxp0 proto ah from any to 169.254.0.2
pass out quick on fxp0 proto ah from 169.254.0.2 to any
# Pass IKE packets
pass in quick on fxp2 proto udp from any to 172.216.1.21 port = 500
pass out quick on fxp2 proto udp from 172.216.1.21 port = 500 to any
# Pass ESP packets
pass in quick on fxp2 proto esp from any to 172.216.1.21
pass out quick on fxp2 proto esp from 172.216.1.21 to any
# Pass AH packets
pass in quick on fxp2 proto ah from any to 172.216.1.21
pass out quick on fxp2 proto ah from 172.216.1.21 to any
# Pass IKE packets
pass in quick on fxp4 proto udp from any to 145.7.88.134 port = 500
pass out quick on fxp4 proto udp from 145.7.88.134 port = 500 to any
# Pass ESP packets
pass in quick on fxp4 proto esp from any to 145.7.88.134
pass out quick on fxp4 proto esp from 145.7.88.134 to any
# Pass AH packets
pass in quick on fxp4 proto ah from any to 145.7.88.134
pass out quick on fxp4 proto ah from 145.7.88.134 to any
# Pass IKE packets
pass in quick on fxp3 proto udp from any to 145.7.88.186 port = 500
pass out quick on fxp3 proto udp from 145.7.88.186 port = 500 to any
# Pass ESP packets
pass in quick on fxp3 proto esp from any to 145.7.88.186
pass out quick on fxp3 proto esp from 145.7.88.186 to any
# Pass AH packets
pass in quick on fxp3 proto ah from any to 145.7.88.186
pass out quick on fxp3 proto ah from 145.7.88.186 to any
# Pass IKE packets
pass in quick on fxp5 proto udp from any to 192.168.0.1 port = 500
pass out quick on fxp5 proto udp from 192.168.0.1 port = 500 to any
# Pass ESP packets
pass in quick on fxp5 proto esp from any to 192.168.0.1
pass out quick on fxp5 proto esp from 192.168.0.1 to any
# Pass AH packets
pass in quick on fxp5 proto ah from any to 192.168.0.1
pass out quick on fxp5 proto ah from 192.168.0.1 to any
# Block TCP packets that do not mark the start of a connection
skip 1 in proto tcp all flags S/SAFR
block in log quick proto tcp all
#---------------------------------------------------------------------------
# group head 100 - LAN interface
#---------------------------------------------------------------------------
block in log quick on fxp2 all head 100
# let out anything from the firewall host itself and decrypted IPsec traffic
pass out quick on fxp2 all keep state
#---------------------------------------------------------------------------
# group head 200 - WAN interface
#---------------------------------------------------------------------------
block in log quick on fxp0 all head 200
# let out anything from the firewall host itself and decrypted IPsec traffic
pass out quick on fxp0 all keep state
#---------------------------------------------------------------------------
# group head 300 - opt1 interface
#---------------------------------------------------------------------------
block in log quick on fxp4 all head 300
# let out anything from the firewall host itself and decrypted IPsec traffic
pass out quick on fxp4 all keep state
#---------------------------------------------------------------------------
# group head 400 - opt2 interface
#---------------------------------------------------------------------------
block in log quick on fxp3 all head 400
# let out anything from the firewall host itself and decrypted IPsec traffic
pass out quick on fxp3 all keep state
#---------------------------------------------------------------------------
# group head 500 - opt3 interface
#---------------------------------------------------------------------------
block in log quick on fxp5 all head 500
# let out anything from the firewall host itself and decrypted IPsec traffic
pass out quick on fxp5 all keep state
# make sure the user cannot lock himself out of the webGUI
pass in quick from 172.216.0.0/22 to 172.216.1.21 keep state group 100
# User-defined rules follow
pass in quick proto tcp from any to any keep state keep frags group 200
pass in quick from any to any keep state keep frags group 200
pass in quick from any to any keep state keep frags group 500
pass in quick from any to any keep state keep frags group 400
pass in quick proto tcp from any to any keep state keep frags group 300
pass in quick from any to any keep state keep frags group 300
pass in quick from 172.216.0.0/22 to any keep state keep frags group 100
pass in quick from any to any keep state keep frags group 100
#---------------------------------------------------------------------------
# default rules (just to be sure)
#---------------------------------------------------------------------------
block in log quick all
block out log quick all
unparsed ipfw rules
add 50000 set 4 pass all from 172.216.1.21 to any
add 50001 set 4 pass all from any to 172.216.1.21
last x system log entries
Oct 3 21:29:10 kv1 racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA established: AH/Tunnel 145.7.88.134->10.128.4.132 spi=157557440(0x96422c0)
Oct 3 21:29:10 kv1 racoon: INFO: pfkey.c:1197:pk_recvupdate(): IPsec-SA established: AH/Tunnel 10.128.4.132->145.7.88.134 spi=173621867(0xa59426b)
Oct 3 21:29:10 kv1 racoon: INFO: pfkey.c:1420:pk_recvadd(): IPsec-SA established: AH/Tunnel 145.7.88.134->10.128.4.132 spi=147378086(0x8c8cfa6)
Oct 3 21:29:18 kv1 racoon: INFO: isakmp.c:904:isakmp_ph1begin_r(): respond new phase 1 negotiation: 145.7.88.134[500]<=>10.128.4.132[500]
Oct 3 21:29:18 kv1 racoon: INFO: isakmp.c:909:isakmp_ph1begin_r(): begin Aggressive mode.
Oct 3 21:29:18 kv1 racoon: NOTIFY: oakley.c:2102:oakley_skeyid(): couldn't find the proper pskey, try to get one by the peer's address.
Oct 3 21:29:18 kv1 racoon: INFO: isakmp.c:2459:log_ph1established(): ISAKMP-SA established 145.7.88.134[500]-10.128.4.132[500] spi:a0233d5f731ec2ed:279cf08595094677
Oct 3 21:31:09 kv1 dnsmasq[96926]: exiting on receipt of SIGTERM
Oct 3 22:51:46 kv1 syslogd: exiting on signal 15
last 50 filter log entries
Oct 3 22:51:51 kv1 ipmon[99]: 22:51:50.765649 fxp4 @0:44 b 10.128.205.1,19074 -> 207.68.178.61,80 PR tcp len 20 40 -AF IN
Oct 3 22:51:58 kv1 ipmon[99]: 22:51:57.824470 fxp4 @0:44 b 10.128.46.0,23487 -> 213.205.34.45,80 PR tcp len 20 43 -AR IN
Oct 3 22:52:21 kv1 ipmon[99]: 22:52:20.550680 fxp4 @0:44 b 10.128.149.192,23042 -> 10.11.23.4,1302 PR tcp len 20 40 -AF IN
Oct 3 22:52:32 kv1 ipmon[99]: 22:52:31.703543 fxp4 @0:44 b 10.128.205.1,19100 -> 207.68.178.61,80 PR tcp len 20 40 -AF IN
Oct 3 22:53:16 kv1 ipmon[99]: 22:53:15.455200 fxp4 @0:44 b 10.128.205.1,19101 -> 207.68.178.61,80 PR tcp len 20 40 -AF IN
Oct 3 22:53:51 kv1 ipmon[99]: 22:53:50.599444 fxp4 @0:44 b 10.128.172.192,23691 -> 69.42.158.53,80 PR tcp len 20 40 -R IN
Oct 3 22:54:16 kv1 ipmon[99]: 22:54:15.819333 fxp4 @0:44 b 10.128.46.0,23539 -> 209.34.73.10,443 PR tcp len 20 43 -AR IN
config.xml
<?xml version="1.0"?>
<m0n0wall>
<version>1.5</version>
<lastchange>1128372753</lastchange>
<system>
<hostname>kv1</hostname>
<domain>ced-services.nl</domain>
<username>admin</username>
<password>xxxxx</password>
<timezone>Europe/Amsterdam</timezone>
<time-update-interval>300</time-update-interval>
<timeservers>pool.ntp.org</timeservers>
<webgui>
<protocol>https</protocol>
<port/>
<certificate>xxxx</certificate>
<private-key>xxxx</private-key>
<expanddiags/>
</webgui>
<harddiskstandby/>
<dnsserver>172.16.0.4</dnsserver>
<dnsserver>172.16.0.15</dnsserver>
<polling/>
</system>
<interfaces>
<lan>
<if>fxp2</if>
<ipaddr>172.216.1.21</ipaddr>
<subnet>22</subnet>
<media>100baseTX</media>
<mediaopt>full-duplex</mediaopt>
</lan>
<wan>
<if>fxp0</if>
<mtu/>
<media/>
<mediaopt/>
<spoofmac/>
<ipaddr>169.254.0.2</ipaddr>
<subnet>30</subnet>
<gateway>169.254.0.1</gateway>
</wan>
<opt1>
<descr>MX-FLEX CED</descr>
<if>fxp4</if>
<ipaddr>145.7.88.134</ipaddr>
<subnet>30</subnet>
<media>100baseTX</media>
<mediaopt>full-duplex</mediaopt>
<bridge/>
<enable/>
</opt1>
<opt2>
<descr>MX-FLEX MEDITEL</descr>
<if>fxp3</if>
<ipaddr>145.7.88.186</ipaddr>
<subnet>30</subnet>
<media>100baseTX</media>
<mediaopt>full-duplex</mediaopt>
<bridge/>
<enable/>
</opt2>
<opt3>
<descr>EMN CAPELLE</descr>
<if>fxp5</if>
<ipaddr>192.168.0.1</ipaddr>
<subnet>30</subnet>
<media>100baseTX</media>
<mediaopt>full-duplex</mediaopt>
<bridge/>
<enable/>
</opt3>
<opt4>
<descr>RESERVED</descr>
<if>fxp1</if>
<ipaddr/>
<subnet>31</subnet>
<media>100baseTX</media>
<mediaopt>full-duplex</mediaopt>
<bridge/>
</opt4>
</interfaces>
<staticroutes>
<route>
<interface>wan</interface>
<network>10.11.23.0/24</network>
<gateway>169.254.0.1</gateway>
<descr/>
</route>
<route>
<interface>opt1</interface>
<network>10.128.0.0/16</network>
<gateway>145.7.88.133</gateway>
<descr/>
</route>
<route>
<interface>opt2</interface>
<network>10.194.0.0/16</network>
<gateway>145.7.88.185</gateway>
<descr/>
</route>
<route>
<interface>wan</interface>
<network>172.16.0.0/16</network>
<gateway>169.254.0.1</gateway>
<descr/>
</route>
<route>
<interface>wan</interface>
<network>172.15.0.0/24</network>
<gateway>169.254.0.1</gateway>
<descr/>
</route>
</staticroutes>
<pppoe/>
<pptp/>
<bigpond/>
<dyndns>
<type>dyndns</type>
<username/>
<password/>
<host/>
<mx/>
</dyndns>
<dnsupdate/>
<dhcpd>
<lan>
<range>
<from>192.168.1.100</from>
<to>192.168.1.199</to>
</range>
</lan>
</dhcpd>
<pptpd>
<mode/>
<redir/>
<localip/>
<remoteip/>
</pptpd>
<ovpn/>
<dnsmasq/>
<snmpd>
<syslocation>xxxx</syslocation>
<syscontact>xxxx</syscontact>
<rocommunity>xxxx</rocommunity>
<enable/>
</snmpd>
<diag>
<ipv6nat>
<ipaddr/>
</ipv6nat>
</diag>
<bridge/>
<syslog>
<nentries>100</nentries>
<remoteserver/>
<reverse/>
</syslog>
<nat>
<advancedoutbound>
<enable/>
</advancedoutbound>
</nat>
<filter>
<rule>
<type>pass</type>
<interface>wan</interface>
<protocol>tcp</protocol>
<source>
<any/>
</source>
<destination>
<any/>
</destination>
<frags/>
<descr/>
</rule>
<rule>
<type>pass</type>
<interface>wan</interface>
<source>
<any/>
</source>
<destination>
<any/>
</destination>
<frags/>
<descr/>
</rule>
<rule>
<type>pass</type>
<interface>opt5</interface>
<source>
<any/>
</source>
<destination>
<any/>
</destination>
<descr/>
</rule>
<rule>
<type>pass</type>
<interface>opt4</interface>
<source>
<any/>
</source>
<destination>
<any/>
</destination>
<frags/>
<descr/>
</rule>
<rule>
<type>pass</type>
<interface>opt3</interface>
<source>
<any/>
</source>
<destination>
<any/>
</destination>
<frags/>
<descr/>
</rule>
<rule>
<type>pass</type>
<interface>opt2</interface>
<source>
<any/>
</source>
<destination>
<any/>
</destination>
<frags/>
<descr/>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<source>
<any/>
</source>
<destination>
<address>10.11.23.4</address>
</destination>
<log/>
<frags/>
<descr/>
<disabled/>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<protocol>tcp</protocol>
<source>
<any/>
</source>
<destination>
<any/>
</destination>
<frags/>
<descr/>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<source>
<any/>
</source>
<destination>
<any/>
</destination>
<frags/>
<descr/>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
<frags/>
<descr/>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<source>
<any/>
</source>
<destination>
<any/>
</destination>
<frags/>
<descr/>
</rule>
<bypassstaticroutes/>
<tcpidletimeout/>
</filter>
<ipsec/>
<aliases/>
<proxyarp/>
<wol/>
<shaper>
<magic>
<p2plow/>
<maxup>54000</maxup>
<maxdown>54000</maxdown>
</magic>
</shaper>
</m0n0wall>
-----[snip]-----