 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Default Rules to DMZ
 Date:  Wed, 7 Jun 2006 10:41:32 -0400
On 6/7/06, Claudio Castro <ccastro at unr dot edu dot ar> wrote:
> If the traffic goes from the LAN to the DMZ, the traffic is
> entering the DMZ interface...that's what I think...I may be wrong.

Going from the LAN to the DMZ.  That's entering the LAN interface,
exiting the DMZ interface.  To put it another way, it's the interface
where the traffic originates.

> Anyway, so to stop this I would have to set a rule in the LAN interface
> to block any default traffic that is not affected by any other rule right?

Yes, modify your LAN rules appropriately to permit or deny as desired.
If you're going to leave the default permit any rule there, you'll
have to put a reject or block rule above that rule (first matching
rule applies).
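
The rule evaluation described in this message, as an added example that is not part of the original post: a small Python model in which only the rules on the interface where traffic enters are checked, top to bottom, and the first match applies. The addresses, ruleset names and the implicit block when nothing matches are assumptions of the example, not m0n0wall code or configuration.

```python
import ipaddress

# Constructed sample networks (assumptions, not from the original message).
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
DMZ_NET = ipaddress.ip_network("192.168.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

def ingress_interface(src):
    """Interface the traffic enters on, i.e. where it originates."""
    for name, net in (("LAN", LAN_NET), ("DMZ", DMZ_NET)):
        if src in net:
            return name
    return "WAN"

def evaluate(rulesets, src, dst):
    """Return (interface, action) for a new connection from src to dst.

    Only the ingress interface's rules are consulted, in order, and the
    first matching rule decides. No match is treated as block (assumed).
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    iface = ingress_interface(s)
    for action, src_net, dst_net in rulesets.get(iface, []):
        if s in src_net and d in dst_net:
            return iface, action
    return iface, "block"

PERMIT_ANY = ("pass", LAN_NET, ANY)          # the default "permit any" LAN rule
BLOCK_TO_DMZ = ("block", LAN_NET, DMZ_NET)   # the rule meant to stop LAN -> DMZ

# Four hypothetical rulesets, keyed by the interface the rules are attached to.
DEFAULT_ONLY = {"LAN": [PERMIT_ANY], "DMZ": []}
BLOCK_ON_DMZ = {"LAN": [PERMIT_ANY], "DMZ": [BLOCK_TO_DMZ]}   # wrong interface
BLOCK_BELOW = {"LAN": [PERMIT_ANY, BLOCK_TO_DMZ], "DMZ": []}  # wrong order
BLOCK_ABOVE = {"LAN": [BLOCK_TO_DMZ, PERMIT_ANY], "DMZ": []}  # as advised

if __name__ == "__main__":
    for name, rs in [("default only", DEFAULT_ONLY), ("block on DMZ", BLOCK_ON_DMZ),
                     ("block below permit", BLOCK_BELOW), ("block above permit", BLOCK_ABOVE)]:
        print(f"{name:20s} LAN->DMZ:", evaluate(rs, "192.168.1.10", "192.168.2.5"))
```

Only the last ruleset stops LAN-to-DMZ traffic: a block rule attached to the DMZ interface is never evaluated for it, and one placed below the permit-any rule is never reached.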