> Can anyone show me how to create rules to restrict access on
> established tunnels? The default is to allow all traffic to pass
> between remote network to the local Lan. Can rules be set up to create
> a sort of one way tunnel?
Hi Kai... I am pretty sure that the rules must be applied to packets as
they ENTER an interface of the tunnel.
For packets flowing from Network_A to Network_B:
Network_A ---> m0n0wall_A >--IPSEC TUNNEL--> m0n0wall_B ---> Network_B
The rules to block/allow traffic in this direction would be applied on
the Network_A side of the m0n0wall_A.
Similarly if you wanted to restrict traffic from Network_B flowing to
Network_A, rules would need to be applied on the Network_B side of the
This works great when you control both sides of the VPN. Not so great
when you only control one side. In cases like this where I did not
control the other side, I have terminated VPNs on an OPT interface of
another firewall and applied the rules I wanted/needed on that interface
on the 3rd firewall like so:
(heh tried to draw it here in text like above but failed... )
Hope this helps.
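Added example, not part of the original post: a small Python model of the topology above (Network_A, m0n0wall_A, tunnel, m0n0wall_B, Network_B) showing that ingress rules on m0n0wall_B's Network_B side produce a one-way tunnel, while a stateful firewall still lets the replies of flows started from Network_A come back. The rule table, the "default block when nothing matches" behaviour and the flow/port fields are assumptions of the model, not m0n0wall's own configuration format.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    src_net: str       # "Network_A" or "Network_B"
    dst_net: str
    service_port: int  # port of the service being reached (e.g. 22 for SSH)

# Rules are evaluated where a packet ENTERS the firewall, i.e. on the
# LAN side of the m0n0wall that the initiating host sits behind.
# Each rule: (destination network, service port or None for any, action).
# Constructed rule table (assumption): A may initiate anything, B nothing.
RULES = {
    "m0n0wall_A": [("Network_B", None, "pass")],
    "m0n0wall_B": [("Network_A", None, "block")],
}
INGRESS_FW = {"Network_A": "m0n0wall_A", "Network_B": "m0n0wall_B"}

def evaluate(rules, dst_net, service_port):
    """First matching rule wins; no match means block (model assumption)."""
    for rule_dst, rule_port, action in rules:
        if rule_dst == dst_net and (rule_port is None or rule_port == service_port):
            return action
    return "block"

class Tunnel:
    """Stateful tunnel: once a flow is passed, its return traffic is allowed."""
    def __init__(self):
        self.established = set()   # (initiator_net, responder_net, service_port)

    def send(self, flow: Flow) -> bool:
        # Reply packets of an already established flow skip the rule lookup,
        # which is why blocking on the Network_B side does not break sessions
        # that were started from Network_A.
        if (flow.dst_net, flow.src_net, flow.service_port) in self.established:
            return True
        action = evaluate(RULES[INGRESS_FW[flow.src_net]], flow.dst_net, flow.service_port)
        if action == "pass":
            self.established.add((flow.src_net, flow.dst_net, flow.service_port))
            return True
        return False

def one_way_demo():
    """Returns (A->B allowed, B reply allowed, B-initiated blocked)."""
    t = Tunnel()
    a_to_b = t.send(Flow("Network_A", "Network_B", 22))
    reply = t.send(Flow("Network_B", "Network_A", 22))   # response to the flow above
    b_initiated = t.send(Flow("Network_B", "Network_A", 80))
    return a_to_b, reply, b_initiated
```

Swapping the "block" rule on m0n0wall_B for a "pass" on a single service port shows how to open just one service in the otherwise closed direction.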