 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] OPT2 Rule Configuration Question
 Date:  Mon, 27 Feb 2006 18:42:43 -0500
On 2/27/06, joe2141 <jrodriguezjr at gmail dot com> wrote:
> Hi All,
> I have an interesting problem that I am trying to solve (well, interesting to me).  I have a FW for
> which I have set up an OPT2 interface on 192.168.4.X.  Now my DMZ is 192.168.3.X and my LAN is
> Now what I want to do is very similar to what I am doing with my LAN network and that is not to
> allow any traffic into the DMZ from the OPT2 network.  For instance, right now I do not let any
> traffic that is on either the DMZ or OPT2 hit my LAN.  By the same token, I do not want to allow any
> traffic that is on the OPT2 to hit my DMZ and LAN.  I have been able to take care of this for the
> LAN but when I set up a rule not to allow traffic from OPT2 to go to the DMZ it does not work.  Is
> there any particular reason why this is?  I do not understand why it is not taking.

Rule order would be my first guess; they're processed top-down, first
match, and you probably have a permit rule above the deny rule.
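
The first-match behaviour described in the reply, as an added example that is not part of the original thread and is not m0n0wall code. It models an ordered rule list on the OPT2 interface, evaluates a packet top-down, and reports deny rules that can never fire because an earlier rule with a different action already covers them. The `Rule` class, the function names, the /24 masks and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY = "0.0.0.0/0"
OPT2 = "192.168.4.0/24"   # assumed /24 for the 192.168.4.X network in the question
DMZ = "192.168.3.0/24"    # assumed /24 for the 192.168.3.X network in the question

@dataclass(frozen=True)
class Rule:               # hypothetical rule model, not the firewall's config format
    action: str           # "pass" or "block"
    src: str              # source network in CIDR form
    dst: str              # destination network in CIDR form

def _covers(outer, inner):
    """True when every address in `inner` is also in `outer`."""
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))

def first_match(rules, src_ip, dst_ip, default="block"):
    """Evaluate top-down; the first matching rule decides. Returns (action, index)."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for i, r in enumerate(rules):
        if s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst):
            return r.action, i
    return default, None  # nothing matched: fall through to the default action

def shadowed(rules):
    """Return (later, earlier) index pairs where the later rule is dead: the
    earliest rule that fully covers it has a different action."""
    dead = []
    for j, later in enumerate(rules):
        for i in range(j):
            earlier = rules[i]
            if _covers(earlier.src, later.src) and _covers(earlier.dst, later.dst):
                if earlier.action != later.action:
                    dead.append((j, i))
                break     # only the first covering rule matters
    return dead

# Constructed rule sets: the suspected ordering, then the corrected ordering.
BROKEN = [Rule("pass", OPT2, ANY), Rule("block", OPT2, DMZ)]
FIXED = [Rule("block", OPT2, DMZ), Rule("pass", OPT2, ANY)]

if __name__ == "__main__":
    for name, rules in (("broken", BROKEN), ("fixed", FIXED)):
        verdict = first_match(rules, "192.168.4.10", "192.168.3.5")
        print(name, "OPT2->DMZ:", verdict, "shadowed:", shadowed(rules))
```
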