 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  "Monowall Support List" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Port Blocking
 Date:  Sat, 30 Jun 2007 14:41:50 -0400
On 6/30/07, Henning Andreseck <AndreseckH at gymszbad dot de> wrote:
> Hi there,
> I want to block port 80 (http) for everybody except the proxy-server.
> The first rule in the "Rules -> LAN" is "allow-everything from lan to **".
> Afterwards I created a rule "deny port 80 from lan to **".
> When I try to connect directly to the WAN without the proxy, it works. Where
> is my problem/mistake?

You need the block rule to come before the allow rule. Rules are
processed in order; by putting the allow all rule at the top, you're
allowing everything and your block rule will never be hit. Ideally,
put in just specific allow rules and delete the default allow rule.
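
The ordering behaviour described in this reply, as an added example that is not part of the original message: a small first-match evaluator with a check for rules that an earlier rule makes unreachable. The addresses, the port 443 rule and the default-block fallback are assumptions made for illustration, and destination matching is left out.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    src: str                     # source network in CIDR form
    dport: Optional[int] = None  # None means any destination port

    def matches(self, src_ip: str, dport: int) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and self.dport in (None, dport))

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` also matches this rule."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and self.dport in (None, other.dport))

def evaluate(rules, src_ip, dport, default="block"):
    """First matching rule wins; unmatched traffic gets the assumed default."""
    for rule in rules:
        if rule.matches(src_ip, dport):
            return rule.action
    return default

def shadowed(rules):
    """Indexes of rules that can never be hit because one earlier rule covers them."""
    return [i for i, r in enumerate(rules)
            if any(e.covers(r) for e in rules[:i])]

# Constructed sample addresses: a /24 LAN and a proxy host inside it.
LAN, PROXY = "192.168.1.0/24", "192.168.1.10/32"

# The order from the question: allow-all first, port 80 block second.
AS_POSTED = [Rule("pass", LAN), Rule("block", LAN, 80)]
# Block moved ahead of the allow-all, with a proxy exception before it.
REORDERED = [Rule("pass", PROXY, 80), Rule("block", LAN, 80), Rule("pass", LAN)]
# Specific allow rules only, default allow rule deleted (443 is a constructed example).
SPECIFIC_ONLY = [Rule("pass", PROXY, 80), Rule("pass", LAN, 443)]

if __name__ == "__main__":
    for name, rs in [("as posted", AS_POSTED), ("reordered", REORDERED),
                     ("specific only", SPECIFIC_ONLY)]:
        print(name,
              "| client:80 ->", evaluate(rs, "192.168.1.50", 80),
              "| proxy:80 ->", evaluate(rs, "192.168.1.10", 80),
              "| unreachable rules:", shadowed(rs))
```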