 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Use "any" or "LAN" on LAN interface for Firewall ?
 Date:  Sun, 27 Aug 2006 00:18:47 -0400
On 8/26/06, Bob Young <bob at lavamail dot net> wrote:
> I realize that firewall rules are 'inbound only' for the interface in
> question.
> If I want to firewall a particular port from sending data into the LAN
> interface,

Which you can't do with LAN rules, since rules are inbound only.
That's inbound from the perspective of the firewall - LAN rules are
for traffic originating on the LAN, not going out to the LAN.

> Does it make any difference if I use "any" or "LAN subnet" for Source?
> Probably not, since both have the same effect?

Only if you have a router on your LAN with other subnets behind it.
Since you don't, there's no difference.

On most firewalls you'd want to keep it to LAN subnet to prevent
spoofed traffic from leaving your network, but m0n0wall handles all
that behind the scenes with its automatic antispoofing rules so it's
not something you have to take into account.
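
The difference between the two Source settings, as an added example that is not part of the original message and is not m0n0wall's code: a simplified model of how one pass rule on the LAN interface treats traffic arriving from the LAN. The addresses, the function names and the way antispoofing is modelled (drop any source outside the networks known to be inside) are assumptions.

```python
import ipaddress

# Constructed sample networks (assumptions, not from the original message).
LAN_SUBNET = ipaddress.ip_network("192.168.1.0/24")
ROUTED_SUBNET = ipaddress.ip_network("192.168.50.0/24")  # behind a router on the LAN


def lan_inbound(src, rule_source, inside_nets=None):
    """Verdict for a packet arriving on the LAN interface (inbound to the firewall).

    rule_source: "any" or an ip_network, the Source of the single user pass rule.
    inside_nets: networks the antispoofing check accepts on LAN; None models a
                 firewall with no automatic antispoofing (simplified assumption).
    """
    addr = ipaddress.ip_address(src)
    if inside_nets is not None and not any(addr in n for n in inside_nets):
        return "block"  # dropped by antispoofing before the user rule is consulted
    if rule_source == "any" or addr in rule_source:
        return "pass"
    return "block"  # no rule matched: default deny


def compare(src, inside_nets=None):
    """Verdicts for Source = any and Source = LAN subnet, in that order."""
    return (lan_inbound(src, "any", inside_nets),
            lan_inbound(src, LAN_SUBNET, inside_nets))


if __name__ == "__main__":
    cases = [
        ("LAN host, antispoofing on", "192.168.1.10", [LAN_SUBNET]),
        ("host behind LAN router, antispoofing on", "192.168.50.7",
         [LAN_SUBNET, ROUTED_SUBNET]),
        ("spoofed source, no antispoofing", "203.0.113.9", None),
        ("spoofed source, antispoofing on", "203.0.113.9", [LAN_SUBNET]),
    ]
    for label, src, nets in cases:
        any_verdict, lan_verdict = compare(src, nets)
        print(f"{label:42} any={any_verdict:5} LAN subnet={lan_verdict}")
```
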