On 8/26/06, Bob Young <bob at lavamail dot net> wrote:
> I realize that firewall rules are 'inbound only' for the interface in
> If I want to firewall a particular port from sending data into the LAN

Which you can't do with LAN rules, since rules are inbound only.
That's inbound from the perspective of the firewall - LAN rules are
for traffic originating on the LAN, not going out to the LAN.

> Does it make any difference if I use "any" or "LAN subnet" for Source?
> Probably not, since both have the same effect?

Only if you have a router on your LAN with other subnets behind it.
Since you don't, there's no difference.
On most firewalls you'd want to keep it to LAN subnet to prevent
spoofed traffic from leaving your network, but m0n0wall handles all
that behind the scenes with its automatic antispoofing rules so it's
not something you have to take into account.
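
The following is an added example, not part of the original message and not m0n0wall's actual rule set: a simplified Python model of inbound filtering on the LAN interface, comparing a pass rule with Source "any" against Source "LAN subnet". The addresses and function names are constructed, and letting the anti-spoof check accept a known routed subnet behind the LAN is an assumption of the model.

```python
from ipaddress import ip_address, ip_network

LAN_NET = ip_network("192.168.1.0/24")      # constructed LAN subnet
ROUTED_NET = ip_network("192.168.50.0/24")  # constructed subnet behind a LAN-side router


def lan_inbound(src, rule_source, routed=(), antispoof=True):
    """Decide a packet arriving on the LAN interface (inbound to the firewall).

    rule_source: network the single LAN pass rule matches, or None for "any".
    routed: extra subnets legitimately reachable through the LAN interface
            (assumption: the anti-spoof check knows about them).
    """
    src = ip_address(src)
    if antispoof:
        legit = (LAN_NET, *routed)
        # Anti-spoof check runs before the user's rule.
        if not any(src in net for net in legit):
            return "block (antispoof)"
    if rule_source is None or src in rule_source:
        return "pass"
    return "block (default deny)"


def compare(src, routed=()):
    """Result for Source = any vs Source = LAN subnet, antispoofing on."""
    return (lan_inbound(src, None, routed), lan_inbound(src, LAN_NET, routed))


if __name__ == "__main__":
    cases = [
        ("LAN host", "192.168.1.20", ()),
        ("spoofed source", "203.0.113.9", ()),
        ("host behind LAN router", "192.168.50.7", (ROUTED_NET,)),
    ]
    for label, src, routed in cases:
        any_res, lan_res = compare(src, routed)
        print(f"{label:24} any={any_res:20} lan-subnet={lan_res}")
    # Without an automatic anti-spoof check, Source = any passes the spoofed packet.
    print("no antispoof, any:", lan_inbound("203.0.113.9", None, antispoof=False))
```

The two Source settings only diverge for the host behind the LAN-side router, which is the one case named in the reply.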