[ previous ] [ next ] [ threads ]
 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Blocking the admin access on the lan.
 Date:  Fri, 24 Feb 2006 09:27:50 -0600
darren dot gilham at cookson dot co dot uk wrote:
> Ok this may sound funny but is there a way to block port 80 on the
> lan nic 
> so web admin access is denied
> The reason for this i'm using monowall as a captive portal so the lan
> is 
> my open wirless network the wan is connected to my guest network which
> provides internet access
> so i have web admin locked down on the wan side and will only allow
> access 
> from our private lan
> i have a rule on the lan
> X     TCP      LAN Net     *       HTTP(80)
> is the lan nic ip address
> is this a feature so you can't lock yourself out.

Yes this is to prevent lockout. There is the following on the System -
Advanced page:

WebGUI anti-lockout  
[]Disable WebGUI anti-lockout rule
By default, access to the WebGUI on the LAN interface is always
permitted, regardless of the user-defined filter rule set. Enable this
feature to control WebGUI access (make sure to have a filter rule in
place that allows you in, or you will lock yourself out!).
Hint: the "set LAN IP address" option in the console menu resets this
setting as well. 

James W. McKeand