Alex M wrote:
> Yes sure blocking everything is most secure but not always right choice.
> Well ok let's assume your solution? But what DNS has to do with IP address?
> Also I would prefer if mono could have this functionality build in and that
> if some on needs it like me so we can enable it... so maybe there is a
> trick to make it happen with mono box by itself?
It's not about "blocking everything" (even though that *is* a good
thing), it's a limitation in ipfilter. The "trick" is to do it via DNS,
if m0n0wall is your DNS server, otherwise, as the m0n0 docs state, it's
as I said (and the doc says) it's not exactly a m0n0wall issue, it's an
ipfilter/ipnat issue, see here:
If you are set on not using a DNS server for this, put the web server on
a different interface and create a DMZ - makes more sense, anyways, so
your LAN has no entry point from the outside. That's how a network with
externally available services and a LAN should be set up, regardless.