Hi,

Thank you for that information.

Br,
Ville

Rasmus Fauske wrote:
> monowall at leinonen dot org wrote:
>> Hi all,
>>
>> I just set up my fw and I created some vlans. Now I have an interesting
>> situation for my fw rules and interfaces. Let's say that I have
>> prodnet int and mgmtnet int, now I want to make a fw rule that allows
>> telnet and ssh from prodnet to mgmtnet and denies everything else. So my
>> rules should be like this (I also want there to be no limitations for
>> prodnet traffic)?
>>
>> prodnet:
>> Rule  Proto  Source   Port  Destination  Port
>> Pass  TCP    prodnet  *     mgmtnet      22
>> Pass  TCP    prodnet  *     mgmtnet      23
>> Deny  *      *        *     mgmtnet      *
>> Pass  *      prodnet  *     *            *
>>
>> mgmtnet:
>> Rule  Proto  Source   Port  Destination  Port
>>
>> But now for some reason I can take e.g. an http session from prodnet to
>> mgmtnet. Are there some limitations for filtering or do I misunderstand
>> something? I am running version 1.21.
>>
> You can do it like this as m0n0 only checks incoming traffic on the
> interface.