RE: [m0n0wall] Blocking the admin access on the lan.

From:	"James W. McKeand" <james at mckeand dot biz>
To:	<m0n0wall at lists dot m0n0 dot ch>
Subject:	RE: [m0n0wall] Blocking the admin access on the lan.
Date:	Fri, 24 Feb 2006 09:27:50 -0600

darren dot gilham at cookson dot co dot uk wrote:
> Ok this may sound funny but is there a way to block port 80 on the
> lan nic 
> so web admin access is denied
> 
> The reason for this i'm using monowall as a captive portal so the lan
> is 
> my open wirless network the wan is connected to my guest network which
> provides internet access
> 
> so i have web admin locked down on the wan side and will only allow
> access 
> from our private lan
> 
> 
> i have a rule on the lan
> 
> X     TCP      LAN Net     *       192.168.100.1       HTTP(80)
> 
> 
> 192.168.100.1 is the lan nic ip address
> 
> is this a feature so you can't lock yourself out.

Yes this is to prevent lockout. There is the following on the System -
Advanced page:

WebGUI anti-lockout  
[]Disable WebGUI anti-lockout rule
By default, access to the WebGUI on the LAN interface is always
permitted, regardless of the user-defined filter rule set. Enable this
feature to control WebGUI access (make sure to have a filter rule in
place that allows you in, or you will lock yourself out!).
Hint: the "set LAN IP address" option in the console menu resets this
setting as well. 

_________________________________
James W. McKeand