[ previous ] [ next ] [ threads ]
 
 From:  Thorsten Schmale <thorsten dot schmale at gmx dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] ping
 Date:  Mon, 05 Jun 2006 14:44:32 +0200
Hi Guido,

first of all you have to check the "*Disable webGUI anti-lockout rule" 
box under Advanced.
If this box is unchecked the traffic from your lan is always permitted, 
no matter what firewall rules are defined.
Of course you have to make sure, that you create a rule which allows 
webgui access, otherwise you will not be able to login to the gui anymore.

After that you can use you rule to block icmp packets on the lan 
interface. But make sure, you place your rule before the "default lan -> 
any" rule.

Greets,
Thorsten Schmale


*Marx, Guido WI schrieb:
> Hi,
>
> I'm running m0n0wall on an EPIA CL6000 ITX-Board with CF and it works
> perfectly, thanks Manuel. 
>
> Now there is one thing I haven't figured out yet.
> How do I reject ping on the local LAN-Interface of my firewall. Rules like
> "reject; PROTOCOL: icmp; SOURCE-IP: lan net; DEST-IP: IP of firewall"
> doesn't work and that's ok so for my opinion.
>
> Is there an other way to realize my intention.
>
> --Guido
>
>