monowall at leinonen dot org wrote:
> Hi all,
>
> I just set up my fw and created some VLANs. Now I have an interesting
> situation with my fw rules and interfaces. Let's say that I have a prodnet
> interface and a mgmtnet interface; now I want to make a fw rule that allows
> telnet and ssh from prodnet to mgmtnet and denies everything else. So my
> rules should be like this (I also want no limitations on prodnet traffic)?
>
> prodnet:
> Rule  Proto  Source   Port  Destination  Port
> Pass  TCP    prodnet  *     mgmtnet      22
> Pass  TCP    prodnet  *     mgmtnet      23
> Deny  *      *        *     mgmtnet      *
> Pass  *      prodnet  *     *            *
>
> mgmtnet:
> Rule  Proto  Source   Port  Destination  Port
>
> But now, for some reason, I can open e.g. an http session from prodnet to
> mgmtnet. Are there some limitations on filtering, or do I misunderstand
> something? I'm running version 1.21.
>
You can do it like this, as m0n0 only checks incoming traffic on the
interface.
--
Rasmus Fauske |
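An added illustration (not from the list posts or from m0n0wall itself) of the evaluation model the reply describes: rules belong to the interface a packet arrives on, are checked top to bottom, and the first match decides. The first-match semantics and the implicit default deny for an interface with no matching rule are assumptions of this model, and the network names are the ones used in the question.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str   # "pass" or "deny"
    proto: str    # "tcp", "udp", "icmp" or "*"
    src: str      # network name or "*"
    sport: str    # source port as a string, or "*"
    dst: str
    dport: str


@dataclass(frozen=True)
class Packet:
    in_if: str    # interface the packet arrives on
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


# The ruleset as posted, keyed by the interface the traffic ENTERS on;
# mgmtnet has no rules, so anything originating there falls to default deny.
RULES = {
    "prodnet": [
        Rule("pass", "tcp", "prodnet", "*", "mgmtnet", "22"),
        Rule("pass", "tcp", "prodnet", "*", "mgmtnet", "23"),
        Rule("deny", "*", "*", "*", "mgmtnet", "*"),
        Rule("pass", "*", "prodnet", "*", "*", "*"),
    ],
    "mgmtnet": [],
}


def _match(field: str, value) -> bool:
    """A rule field matches if it is the wildcard or equals the packet value."""
    return field == "*" or field == str(value)


def evaluate(pkt: Packet, rules=RULES) -> str:
    """First-match evaluation of the inbound interface's rules (assumed model)."""
    for r in rules.get(pkt.in_if, []):
        if (_match(r.proto, pkt.proto) and _match(r.src, pkt.src)
                and _match(r.sport, pkt.sport) and _match(r.dst, pkt.dst)
                and _match(r.dport, pkt.dport)):
            return r.action
    return "deny"  # nothing matched: implicit default deny


if __name__ == "__main__":
    for p in (Packet("prodnet", "tcp", "prodnet", 40000, "mgmtnet", 22),
              Packet("prodnet", "tcp", "prodnet", 40001, "mgmtnet", 80),
              Packet("mgmtnet", "tcp", "mgmtnet", 40002, "prodnet", 22)):
        print(f"{p.in_if}: {p.proto} {p.src}->{p.dst}:{p.dport} -> {evaluate(p)}")
```

Under this model the posted ordering passes ssh and telnet to mgmtnet, drops http to mgmtnet at the third rule, and passes everything else leaving prodnet; anything that originates on mgmtnet hits an empty ruleset and is dropped.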