 From:  monowall at leinonen dot org
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Question about fw rules and interfaces.
 Date:  Fri, 17 Feb 2006 08:30:54 +0200 (EET)
Hi all,

I just set up my fw and I created some vlans. Now I have an interesting
situation with my fw rules and interfaces. Let's say that I have a prodnet int
and a mgmtnet int, and now I want to make a fw rule that allows telnet and ssh
from prodnet to mgmtnet and denies everything else. So should my rules be
like this (I also want there to be no limitations for prodnet traffic)?

prodnet:
Rule Proto Source  Port Destination Port
Pass *     prodnet *    *           *

mgmtnet:
Rule Proto Source  Port Destination Port
Pass TCP   prodnet *    mgmtnet     22
Pass TCP   prodnet *    mgmtnet     23
Deny *     *       *    *           *

But now for some reason I can open e.g. an http session from prodnet to mgmtnet.
Are there some limitations for filtering or do I misunderstand something?
I am running version 1.21.

Best regards,

Ville Leinonen
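
Added example, not part of the original post: a small model of the two rule tables above, assuming each interface's rules are checked only against packets arriving on that interface and that the first matching rule wins. The subnets are constructed (the post gives none), and RESTRICT_ON_INGRESS is one hypothetical rearrangement, not a configuration from the thread.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing; the post does not state the subnets.
NETS = {"prodnet": ip_network("10.0.10.0/24"),
        "mgmtnet": ip_network("10.0.20.0/24")}

# Rule tuple: (action, proto, source, destination, dst_port); "*" matches anything.
AS_POSTED = {
    "prodnet": [("pass", "*", "prodnet", "*", "*")],
    "mgmtnet": [("pass", "tcp", "prodnet", "mgmtnet", 22),
                ("pass", "tcp", "prodnet", "mgmtnet", 23),
                ("deny", "*", "*", "*", "*")],
}

# Hypothetical rearrangement: restrict on the interface where prodnet traffic enters.
RESTRICT_ON_INGRESS = {
    "prodnet": [("pass", "tcp", "prodnet", "mgmtnet", 22),
                ("pass", "tcp", "prodnet", "mgmtnet", 23),
                ("deny", "*", "prodnet", "mgmtnet", "*"),
                ("pass", "*", "prodnet", "*", "*")],
    "mgmtnet": AS_POSTED["mgmtnet"],
}

def ingress_interface(src):
    """Interface a packet arrives on, derived from its source address."""
    for name, net in NETS.items():
        if ip_address(src) in net:
            return name
    return None

def _addr_match(spec, addr):
    return spec == "*" or ip_address(addr) in NETS[spec]

def decide(rules, proto, src, dst, dport):
    """Return (ingress interface, action) under the assumed evaluation model."""
    iface = ingress_interface(src)
    for action, r_proto, r_src, r_dst, r_port in rules.get(iface, []):
        if (r_proto in ("*", proto) and _addr_match(r_src, src)
                and _addr_match(r_dst, dst) and r_port in ("*", dport)):
            return iface, action
    return iface, "deny"  # nothing matched: assumed implicit default deny

if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED), ("restricted", RESTRICT_ON_INGRESS)):
        for port in (22, 23, 80):
            print(name, port, decide(rules, "tcp", "10.0.10.5", "10.0.20.7", port))
```

Under this model the mgmtnet table is never consulted for connections that start on prodnet, so its final Deny rule cannot stop them.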