 From:  Sven Brill <madde at gmx dot net>
 To:  Sebastian Davie <sd at clients dot ch>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Stupid Question regarding Rules
 Date:  Sun, 14 Jan 2007 08:55:23 -0500
Sebastian Davie wrote:
> Hi Sven
>
> Thanks for that! I was only trying to block FTP to check my settings!
> FTP was something that I could get instant results on!
>
> All ok .. So from now on I will always set "Source Port Range" to all
> and only block on the "Destination Port range" --- Would that be the
> best practice?
>
>   
not necessarily. you might have an application that uses a pre-defined 
source port, in which case, you want to filter by that. but to block LAN 
access TO certain services on the WAN, yes, assume random source ports 
and block the destination ports.

Sven
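
The port matching discussed in this thread, as an added example that is not part of the original messages and is not m0n0wall's own code: a small rule evaluator showing why a block keyed on source port 21 never matches a LAN client's FTP connection, while one keyed on destination port 21 does. Assumptions: first-match rule ordering, a default-block policy, and constructed packets and rule sets (source port 4000 for the fixed-source application is a made-up value).

```python
from dataclasses import dataclass
from typing import Optional, Tuple

ANY = None  # "any" port range, as when Source Port Range is left at any

@dataclass(frozen=True)
class Packet:
    proto: str
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str                            # "block" or "pass"
    proto: str
    src_ports: Optional[Tuple[int, int]]   # inclusive range, or ANY
    dst_ports: Optional[Tuple[int, int]]

    def matches(self, pkt):
        def in_range(port, rng):
            return rng is ANY or rng[0] <= port <= rng[1]
        return (pkt.proto == self.proto
                and in_range(pkt.src_port, self.src_ports)
                and in_range(pkt.dst_port, self.dst_ports))

def evaluate(rules, pkt, default="block"):
    """First matching rule wins (assumed); unmatched traffic gets the default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

def verdicts(rules, packets):
    return [evaluate(rules, p) for p in packets]

ALLOW_LAN = Rule("pass", "tcp", ANY, ANY)   # constructed "LAN -> any" pass rule
# Constructed packets: FTP control connections from a LAN client. The client OS
# picks the source port from the ephemeral range; only destination 21 is fixed.
ftp_attempts = [Packet("tcp", sport, 21) for sport in (49152, 51734, 60211)]
# Rule set A: block keyed on SOURCE port 21 (a client never sends from 21).
by_source = [Rule("block", "tcp", (21, 21), ANY), ALLOW_LAN]
# Rule set B: source any, block keyed on DESTINATION port 21.
by_dest = [Rule("block", "tcp", ANY, (21, 21)), ALLOW_LAN]
# Rule set C: an application with a pre-defined source port (4000, made up),
# the case where filtering by source port is the right choice.
fixed_src = [Rule("block", "tcp", (4000, 4000), ANY), ALLOW_LAN]

if __name__ == "__main__":
    print("source-port rule:", verdicts(by_source, ftp_attempts))
    print("dest-port rule:  ", verdicts(by_dest, ftp_attempts))
```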