Re: [m0n0wall] Default Rules to DMZ

From:	Claudio Castro <ccastro at unr dot edu dot ar>
To:	Chris Buechler <cbuechler at gmail dot com>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Default Rules to DMZ
Date:	Wed, 07 Jun 2006 09:23:58 -0300

Chris Buechler escribió:
> On 6/6/06, Claudio Castro <ccastro at unr dot edu dot ar> wrote:
>> Hi all,
>>  I was just testing some rules when I find that the DMZ zone is
>> accepting any kind of traffic FROM the LAN zone....is this correct by
>> default? Because I don have any rules allowing this in my dmz's ruleset.
>>
>
> Your default LAN to any rule allows this.
>
> Rules are applied on the interface the traffic enters (in this case 
> the LAN).
>
> -Chris
>
If the traffics goes from the LAN to the the DMZ, the traffic is 
entering to the DMZ interface...that's what I think...I may be wrong.

Anyway, so to stop this I would have to set a rule in the LAN interface 
to block any default traffic that is not affected by any other rule right?


-Claudio
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>