 From:  Oliver Kapffer <oliver at kapffer dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Block all outgoing traffic, only allow certain
 Date:  Thu, 21 Jun 2007 05:16:06 +0200

Hi Gazza,

Gazza wrote:
> Hi there
>
> Would I change the default LAN rule that passes everything to block/reject
> and then create LAN rules for each port that I would like my LAN to allow
> out. I have tried doing this, but getting pretty confused with the various
> options.
>
>   
Correct, you have to create a rule that blocks any traffic. You also 
have to create rules for the traffic you want to allow.


> Let's say for example I want ALL my PCs on my LAN to access ONLY the
> internet I would create the rule as above and place it at the bottom of the
> list. Then, (and this is where I get confused) what must I do to allow what
> I want to achieve? Please, be very specific.
>   

The position of the rule in the list is important. Traffic is analyzed 
and the first matching rule, beginning from the top, is used. Your rules 
to allow certain traffic must be positioned above the block all rule.
> I assume that I would apply the same rule for allowing email (port 25 and
> 110), https (port 443) for secure transfers like online banking, etc.
>
>   
Yes, you need a rule for any allowed traffic.

good luck
Oliver
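
The first-match ordering described in this reply, modelled as an added example (not part of the original post and not m0n0wall's own code). The `Rule` class, the helper names, the fallback action and the DNS and HTTP entries are assumptions for illustration; ports 25, 110 and 443 come from the thread.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str            # "pass" or "block"
    proto: Optional[str]   # "tcp", "udp", or None for any protocol
    port: Optional[int]    # destination port, or None for any port
    note: str = ""

    def matches(self, proto: str, port: int) -> bool:
        return self.proto in (None, proto) and self.port in (None, port)

def evaluate(rules, proto, port, default="block"):
    """Scan top to bottom; the first matching rule decides.
    `default` is an assumed fallback when no rule matches."""
    for rule in rules:
        if rule.matches(proto, port):
            return rule.action
    return default

def unreachable(rules):
    """Rules that can never fire because an earlier rule already
    matches all of the traffic they describe."""
    dead = []
    for i, rule in enumerate(rules):
        if any(e.proto in (None, rule.proto) and e.port in (None, rule.port)
               for e in rules[:i]):
            dead.append(rule)
    return dead

# Constructed sample rule set for the LAN interface.
ALLOW = [
    Rule("pass", "udp", 53, "DNS (assumed: needed to resolve names)"),
    Rule("pass", "tcp", 80, "HTTP (assumed)"),
    Rule("pass", "tcp", 443, "HTTPS"),
    Rule("pass", "tcp", 25, "SMTP"),
    Rule("pass", "tcp", 110, "POP3"),
]
BLOCK_ALL = Rule("block", None, None, "block everything else")

GOOD = ALLOW + [BLOCK_ALL]   # allow rules above the block-all rule
BAD = [BLOCK_ALL] + ALLOW    # block-all on top wins every time

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, "tcp/443 ->", evaluate(rules, "tcp", 443),
              "| unreachable:", [r.note for r in unreachable(rules)])
```

Running `unreachable()` over a rule list before applying it flags allow rules that were placed below a catch-all block and would therefore never match.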