[ previous ] [ next ] [ threads ]
 From:  "Garrett" <glc at c dash email dot com>
 To:  "Lee Sharp" <leesharp at hal dash pc dot org>
 Cc:  "m0n0wall" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Firewall Rules
 Date:  Fri, 28 Oct 2005 13:58:42 -0700
To clarify....

page: Firewall: Rules

OPT1 tab (1 rule)
Action: Pass
Proto: any
Source: (IP of PocketPC)
Port: any
Dest: (IP of PC)
Port: any

^ Permits access from the Pocket PC on OPT1 to a PC on LAN

***All other traffic is blocked***

LAN tab (2 rules, in order)
Action: Block
Proto: any
Source: not (!) (IP of PC allowed to communicate w/PocketPC)
Port: any
Dest: OPT1 net (
Port: any

^ Blocks all but one host on LAN from accessing any hosts on OPT1

bottom rule (automatically created):
Proto: any
Source:  LAN net
Port: any
Dest: any
Port: any
Desc: Default LAN - > any

^ Permits any traffic which makes it passed top rule

Does that look right?

----- Original Message -----
From: "Lee Sharp" <leesharp at hal dash pc dot org>
To: "Garrett" <glc at c dash email dot com>
Sent: Friday, October 28, 2005 12:01 PM
Subject: Re: [m0n0wall] Firewall Rules

> From: "Garrett" <glc at c dash email dot com>
> >> The LAN has an "Out Any" rule default.  You have to give the LAN an
> >> from the wireless IP.  You will need and "In" and an "Out" on the OPT1
> >> for
> >> the LAN IP.
> > Afraid you lost me there.  From the "Firewall: Rules: Edit" page:
> > "Choose on which interface packets must come **in** to match this rule."
> To go "out" of the LAN subnet, it comes "in" the LAN interface.
> > How do I add rules for traffic headed out the interface if there's only
> > option for traffic that comes in?
> Every door has two sides. :-)  Under the OPT tab, you will have a rule
> of the OPT subnet, "in" to the firewall, with a destination "out" of the
> interface to the IP of the client box.  I know the terminology gets
> confusing.  It is hard for me to keep straight as well.  I think you can
> this with just one rule under the OPT interface.  I think...