 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Default Rules to DMZ
 Date:  Wed, 7 Jun 2006 10:41:32 -0400
On 6/7/06, Claudio Castro <ccastro at unr dot edu dot ar> wrote:
>
> If the traffic goes from the LAN to the DMZ, the traffic is
> entering the DMZ interface...that's what I think...I may be wrong.
>

Going from the LAN to the DMZ.  That's entering the LAN interface,
exiting the DMZ interface.  To put it another way, it's the interface
where the traffic originates.


> Anyway, so to stop this I would have to set a rule in the LAN interface
> to block any default traffic that is not affected by any other rule, right?
>

Yes, modify your LAN rules appropriately to permit or deny as desired.
If you're going to leave the default permit any rule there, you'll
have to put a reject or block rule above that rule (first matching
rule applies).

-Chris
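
The two points in this exchange (rules are checked on the interface where the traffic enters, and the first matching rule applies), as an added Python model that is not part of the original message and is not m0n0wall's code. The subnets, rule descriptions and the implicit deny for unmatched traffic are assumptions of this sketch.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample networks (not from the thread).
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
DMZ_NET = ipaddress.ip_network("192.168.2.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    descr: str


def evaluate(rulesets, ingress_if, src, dst):
    """Return (action, description) for a new connection.

    Only the rule list of the interface the packet enters on is consulted,
    top to bottom, and the first matching rule decides.
    """
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rulesets.get(ingress_if, []):
        if src_ip in rule.src and dst_ip in rule.dst:
            return rule.action, rule.descr
    return "block", "implicit default deny"  # assumption of this model


DEFAULT_LAN = Rule("pass", LAN_NET, ANY, "default LAN -> any")
BLOCK_DMZ = Rule("block", LAN_NET, DMZ_NET, "block LAN -> DMZ")

# Block rule placed on the DMZ interface: LAN-originated traffic never hits it.
wrong_interface = {"LAN": [DEFAULT_LAN], "DMZ": [BLOCK_DMZ]}
# Block rule on LAN but below the default pass rule: never reached.
wrong_order = {"LAN": [DEFAULT_LAN, BLOCK_DMZ], "DMZ": []}
# Block rule on LAN above the default pass rule: takes effect.
correct = {"LAN": [BLOCK_DMZ, DEFAULT_LAN], "DMZ": []}

if __name__ == "__main__":
    cases = [("wrong_interface", wrong_interface),
             ("wrong_order", wrong_order),
             ("correct", correct)]
    for name, rulesets in cases:
        to_dmz = evaluate(rulesets, "LAN", "192.168.1.10", "192.168.2.5")
        to_wan = evaluate(rulesets, "LAN", "192.168.1.10", "203.0.113.7")
        print(f"{name}: LAN->DMZ {to_dmz}, LAN->Internet {to_wan}")
```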