 
 From:  Don Munyak <don dot munyak at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch, jason at mammothcomputers dot com
 Subject:  Fwd: [m0n0wall] Would like to filter outbound traffic for corporate security purposes but my rules don't seem to work
 Date:  Fri, 11 Nov 2005 22:13:34 -0500

All rules go top to bottom with the deny all as the last rule. If you
put (or left) the deny all at the top, this would explain why all
traffic was blocked. Posting your config would be helpful in seeing
what you're doing.

- Don

---------- Forwarded message ----------
From: Jason Collins <jason at mammothcomputers dot com>
Date: Nov 11, 2005 9:54 PM
Subject: [m0n0wall] Would like to filter outbound traffic for
corporate security purposes but my rules don't seem to work
To: m0n0wall at lists dot m0n0 dot ch


Hi, I can't believe no one has asked this question previously, but I've done
a diligent search to no avail.  There are some posts saying that they need
outbound filtering, but it seems to me that it is already present in the LAN
side of the Firewall rules.  I added rules to pass DNS, HTTP, HTTPS, etc...
to the lan firewall rules and disabled the default outbound rule permitting
all traffic.  Once I applied the new settings, all traffic out ceased, even
on ports I had specifically enabled.  Is there something I'm missing here?
I based this off of similar configs I've done on Watchguard boxes so I
thought it would be a piece of cake, but I feel like a total noob.  Will
post my relevant status.php info if needed or desired.  Many thanks,

Jason M. Collins

p.s. to those wanting to know why I would want to do such a thing, it is the
will of my client after one of his users' workstations became infected with
a virus, sent out infected pornography to everyone in the address book,
clogged mailboxes for hundreds of people, and crashed two corporate
mailservers. So, he wants only necessary services to be available from here
on out.  As it's his servers, bandwidth, and PCs, I think he has every right
to make it so.  Thanks again,

Jason
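
Added example, not part of either message and not m0n0wall code: a simplified first-match model of the top-to-bottom rule evaluation described in the reply above, plus a check that flags rules shadowed by an earlier deny-all. The Rule fields, the default-block fallback and the sample rule sets are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "pass" or "block"
    proto: Optional[str]  # "tcp", "udp", or None for any protocol
    dport: Optional[int]  # destination port, or None for any port

    def covers(self, proto, dport):
        # True when this rule applies to the given protocol/port (None = wildcard).
        return self.proto in (None, proto) and self.dport in (None, dport)

def evaluate(rules, proto, dport, default="block"):
    """First match wins: walk top to bottom, return (action, rule index)."""
    for index, rule in enumerate(rules):
        if rule.covers(proto, dport):
            return rule.action, index
    return default, None  # assumed fallback when nothing matches

def shadowed(rules):
    """Indexes of rules that can never fire because an earlier rule covers them."""
    return [j for j, later in enumerate(rules)
            if any(earlier.covers(later.proto, later.dport) for earlier in rules[:j])]

# Constructed outbound rule sets: DNS, HTTP and HTTPS allowed, everything else denied.
ALLOW = [Rule("pass", "udp", 53), Rule("pass", "tcp", 53),
         Rule("pass", "tcp", 80), Rule("pass", "tcp", 443)]
DENY_ALL = Rule("block", None, None)
DENY_LAST = ALLOW + [DENY_ALL]   # deny all as the last rule
DENY_FIRST = [DENY_ALL] + ALLOW  # deny all left at the top

if __name__ == "__main__":
    for name, rules in (("deny last", DENY_LAST), ("deny first", DENY_FIRST)):
        print(name)
        for proto, port in (("udp", 53), ("tcp", 443), ("tcp", 25)):
            print("  ", proto, port, "->", evaluate(rules, proto, port))
        print("   shadowed rule indexes:", shadowed(rules))
```
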