Hi again,

I wonder, this is quite a bad feature. If I have, let's say, 15 prod VLANs + 1 mgmt VLAN and I want to limit traffic to that mgmt VLAN, then based on what you tell me I must do incoming filtering on each of those 15 prod VLANs?

Br,
Ville

Ville Leinonen wrote:
> Hi,
>
> Thank you for that information.
>
> Br,
>
> Ville
>
> Rasmus Fauske wrote:
>> monowall at leinonen dot org wrote:
>>> Hi all,
>>>
>>> I just set up my fw and created some VLANs. Now I have an interesting
>>> situation with my fw rules and interfaces. Let's say that I have a
>>> prodnet int and a mgmtnet int; now I want to make fw rules that allow telnet and ssh
>>> from prodnet to mgmtnet and deny everything else. So my rules should be
>>> like this (I also want there to be no limitations on prodnet traffic)?
>>>
>>> prodnet:
>>> Rule  Proto  Source   Port  Destination  Port
>>> Pass  TCP    prodnet  *     mgmtnet      22
>>> Pass  TCP    prodnet  *     mgmtnet      23
>>> Deny  *      *        *     mgmtnet      *
>>> Pass  *      prodnet  *     *            *
>>>
>>> mgmtnet:
>>> Rule  Proto  Source   Port  Destination  Port
>>>
>>> But now for some reason I can open e.g. an http session from prodnet to
>>> mgmtnet. Is there some limitation on filtering, or do I misunderstand something?
>>> I am running version 1.21.
>>>
>> You can do it like this, as m0n0 only checks incoming traffic on the
>> interface.
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
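To make the point in Rasmus's reply concrete (rules are consulted only on the interface where the traffic enters, so a rule set bound to mgmtnet never sees prodnet-to-mgmtnet packets, and every prod VLAN needs its own ingress copy), here is a small Python model of per-interface ingress filtering. It is an added example for this thread, not m0n0wall code: the interface names prodnet, mgmtnet and prod1..prod15, the first-match evaluation order and the default deny for unmatched traffic are assumptions of the model.

```python
"""Toy model of per-interface ingress filtering, constructed for this thread;
it is not m0n0wall code. Rules are evaluated only on the interface a packet
ENTERS, first match wins, and unmatched traffic is dropped (a modelling
assumption standing in for the firewall's default policy)."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Rule:
    action: str           # "pass" or "block"
    proto: str            # "tcp", "udp" or "*"
    src: str              # source network name, or "*"
    dst: str              # destination network name, or "*"
    dport: Optional[int]  # destination port, None means any


@dataclass(frozen=True)
class Packet:
    ingress: str  # interface the packet arrives on
    proto: str
    src: str      # network the source address belongs to
    dst: str      # network the destination address belongs to
    dport: int


Ruleset = Dict[str, List[Rule]]  # interface name -> ordered rules


def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.proto in ("*", pkt.proto)
            and rule.src in ("*", pkt.src)
            and rule.dst in ("*", pkt.dst)
            and rule.dport in (None, pkt.dport))


def filter_packet(ruleset: Ruleset, pkt: Packet) -> str:
    """Consult only the rules bound to the ingress interface; first match wins."""
    for rule in ruleset.get(pkt.ingress, []):
        if matches(rule, pkt):
            return rule.action
    return "block"  # default deny for anything no rule matched (model assumption)


def mgmt_restriction(prod_if: str) -> List[Rule]:
    """The four rules from the post, written for one prod VLAN interface."""
    return [
        Rule("pass", "tcp", prod_if, "mgmtnet", 22),   # ssh to mgmt
        Rule("pass", "tcp", prod_if, "mgmtnet", 23),   # telnet to mgmt
        Rule("block", "*", "*", "mgmtnet", None),      # nothing else to mgmt
        Rule("pass", "*", prod_if, "*", None),         # prod traffic otherwise unrestricted
    ]


# Case 1: the rules are bound to the interface the traffic enters on (prodnet).
RULES_ON_PRODNET: Ruleset = {"prodnet": mgmt_restriction("prodnet")}

# Case 2: the same rules bound to mgmtnet, while prodnet only carries a
# permit-all rule. prodnet -> mgmtnet traffic enters on prodnet, so the
# rules on mgmtnet are never consulted for it and http gets through.
RULES_MISPLACED: Ruleset = {
    "prodnet": [Rule("pass", "*", "prodnet", "*", None)],
    "mgmtnet": mgmt_restriction("prodnet"),
}


def build_ruleset(prod_ifs: List[str]) -> Ruleset:
    """Every prod VLAN needs its own ingress copy of the restriction."""
    return {prod_if: mgmt_restriction(prod_if) for prod_if in prod_ifs}


if __name__ == "__main__":
    http_to_mgmt = Packet("prodnet", "tcp", "prodnet", "mgmtnet", 80)
    print("rules on prodnet :", filter_packet(RULES_ON_PRODNET, http_to_mgmt))
    print("rules on mgmtnet :", filter_packet(RULES_MISPLACED, http_to_mgmt))
    many = build_ruleset([f"prod{n}" for n in range(1, 16)])
    print("rules needed for 15 prod VLANs:", sum(len(r) for r in many.values()))
```

Running it shows the http packet blocked when the rules sit on prodnet and passed when they sit on mgmtnet, and that covering 15 prod VLANs means 15 copies of the four rules (60 in total), which is the cost Ville objects to above.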