Glad to post the config -- I am assuming you want the rules and not the
whole thing (it's rather large)? I figured out the top-to-bottom filtering from
the documentation and from having used other firewalls, and in an effort to
get it working, I tried leaving out a deny rule altogether and it still
wouldn't let anything through. Anyway, here's the rules config:
<rule>
<type>pass</type>
<interface>lan</interface>
<protocol>tcp</protocol>
<source>
<network>lan</network>
<port>53</port>
</source>
<destination>
<any/>
<port>53</port>
</destination>
<descr>DNS Out (Allowed)</descr>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<protocol>tcp</protocol>
<source>
<network>lan</network>
<port>80</port>
</source>
<destination>
<any/>
<port>80</port>
</destination>
<descr>HTTP Out (Allowed)</descr>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<protocol>tcp</protocol>
<source>
<network>lan</network>
<port>443</port>
</source>
<destination>
<any/>
<port>443</port>
</destination>
<descr>HTTPS Out (Allowed)</descr>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<protocol>tcp</protocol>
<source>
<network>lan</network>
<port>21</port>
</source>
<destination>
<any/>
<port>21</port>
</destination>
<descr>FTP Out (Allowed)</descr>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<protocol>tcp</protocol>
<source>
<network>lan</network>
<port>123</port>
</source>
<destination>
<any/>
<port>123</port>
</destination>
<descr>NIST Time Out (Allowed)</descr>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<protocol>tcp/udp</protocol>
<source>
<address>192.168.1.250</address>
<port>25</port>
</source>
<destination>
<any/>
</destination>
<descr>SMTP Server Only Out (allowed)</descr>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<protocol>tcp/udp</protocol>
<source>
<address>192.168.1.250</address>
<port>110</port>
</source>
<destination>
<any/>
</destination>
<descr>POP3 Server Only Out (Allowed)</descr>
</rule>
<rule>
<type>pass</type>
<interface>lan</interface>
<protocol>icmp</protocol>
<source>
<address>192.168.1.1</address>
</source>
<destination>
<any/>
</destination>
<descr>ICMP Out from Gateway (allowed)</descr>
</rule>
<rule>
<type>block</type>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
<disabled/>
<descr>Default Out (Blocked) -- Must be last rule in list</descr>
</rule>
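As an added example (not from the original post, and not m0n0wall/pfSense code), here is a small Python script that parses rules in the element layout above and simulates top-to-bottom first-match evaluation for a single packet, so you can see which rule a given connection actually lands on; the 192.168.1.0/24 LAN prefix, the trimmed two-rule sample and the test packets are assumptions.

```python
import xml.etree.ElementTree as ET
# Constructed sample (not the poster's full file): two of the LAN rules above,
# in the same element layout, wrapped in a root element so the parser can load it.
SAMPLE_RULES = """<rules>
<rule><type>pass</type><interface>lan</interface><protocol>tcp</protocol>
<source><network>lan</network><port>53</port></source>
<destination><any/><port>53</port></destination><descr>DNS Out</descr></rule>
<rule><type>block</type><interface>lan</interface>
<source><network>lan</network></source><destination><any/></destination>
<descr>Default Out</descr></rule>
</rules>"""

def parse_rules(xml_text):
    """Return one dict per enabled <rule>, in file order (order is what matters)."""
    rules = []
    for r in ET.fromstring(xml_text).findall("rule"):
        if r.find("disabled") is not None:
            continue  # a <disabled/> rule is never evaluated
        rule = {k: r.findtext(k) for k in ("type", "interface", "protocol", "descr")}
        for side in ("source", "destination"):
            e = r.find(side)
            rule[side] = {"any": e.find("any") is not None,
                          "network": e.findtext("network"),
                          "address": e.findtext("address"),
                          "port": e.findtext("port")}  # None means any port
        rules.append(rule)
    return rules

def _endpoint_matches(spec, host, port, lan_prefix="192.168.1."):
    # Assumption: the LAN network is 192.168.1.0/24 (the addresses in the post).
    if not spec["any"]:
        if spec["network"] == "lan" and not host.startswith(lan_prefix):
            return False
        if spec["address"] and spec["address"] != host:
            return False
    return spec["port"] is None or spec["port"] == str(port)

def _proto_matches(rule_proto, proto):
    if rule_proto is None:
        return True
    return proto in ("tcp", "udp") if rule_proto == "tcp/udp" else rule_proto == proto

def first_match(rules, proto, src, sport, dst, dport, iface="lan"):
    """First rule, top to bottom, that matches the packet; None if none does."""
    for rule in rules:
        if (rule["interface"] == iface and _proto_matches(rule["protocol"], proto)
                and _endpoint_matches(rule["source"], src, sport)
                and _endpoint_matches(rule["destination"], dst, dport)):
            return rule
    return None
```

Feed it a client connection with an ephemeral source port (the normal case) and one whose source port equals the destination port, and compare which rule each one hits.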