 From:  "Joe Lagreca" <joe at BIGnetOnline dot com>
 To:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] m0n0 and VLANs problem setting up
 Date:  Mon, 1 Oct 2007 09:38:23 -0700
What is the need for the rule on the LAN that allows internet access?
Is it there to let in any traffic from anywhere that was originated on
the LAN?

If I don't have any rules on the VLAN interfaces, then other VLANs
should not be able to ping each other, correct?  Right now I think
they can ping each other with no rules.

I have dismantled the whole system, but am about to deploy, so I can
test this all out very soon.

Joe


On 9/30/07, Chris Buechler <cbuechler at gmail dot com> wrote:

> Rules are only applied inbound to an interface (inbound always from
> the perspective of the firewall). If you allow everything on every
> interface, everything is allowed. The default on WAN and OPT
> interfaces is no rules, so everything is denied. If you add an allow
> all rule, you're bypassing that.
>
> -Chris
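
Added example, not part of the original thread or of m0n0wall's code: a small Python model of the behaviour described in the quoted reply, where rules are checked only on the interface a packet enters the firewall on and an interface with no rules denies everything. Interface names, subnets and addresses are constructed; first-match rule order and stateful handling of replies are assumptions of the model, and NAT is ignored.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")

class Firewall:
    def __init__(self, rules):
        self.rules = rules      # interface -> ordered list of (action, src_net, dst_net)
        self.states = set()     # (src, dst) pairs of flows that were passed

    def inbound(self, iface, src, dst):
        """Decide a packet arriving at the firewall on interface `iface`."""
        src, dst = ip_address(src), ip_address(dst)
        # Assumption: stateful filtering, so a reply to a passed flow is allowed.
        if (dst, src) in self.states:
            return "pass"
        for action, src_net, dst_net in self.rules.get(iface, []):
            if src in src_net and dst in dst_net:   # assumption: first match wins
                if action == "pass":
                    self.states.add((src, dst))
                return action
        return "block"          # no rule matched: default deny

def sample_rules():
    # Constructed topology: one LAN with an allow rule, two VLANs with no rules.
    return {
        "LAN":    [("pass", ip_network("192.168.1.0/24"), ANY)],
        "VLAN10": [],
        "VLAN20": [],
        "WAN":    [],
    }

def demo():
    fw = Firewall(sample_rules())
    r = {}
    r["lan_to_internet"] = fw.inbound("LAN", "192.168.1.50", "203.0.113.7")
    r["reply_on_wan"] = fw.inbound("WAN", "203.0.113.7", "192.168.1.50")
    r["unsolicited_wan"] = fw.inbound("WAN", "203.0.113.9", "192.168.1.50")
    r["vlan10_to_vlan20"] = fw.inbound("VLAN10", "10.0.10.5", "10.0.20.5")
    # Adding an allow-all rule on VLAN10 bypasses the default deny for that interface.
    fw.rules["VLAN10"].append(("pass", ANY, ANY))
    r["vlan10_to_vlan20_allow_all"] = fw.inbound("VLAN10", "10.0.10.5", "10.0.20.5")
    r["vlan20_reply"] = fw.inbound("VLAN20", "10.0.20.5", "10.0.10.5")
    r["vlan20_new_flow"] = fw.inbound("VLAN20", "10.0.20.9", "10.0.10.5")
    return r

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:28s} {verdict}")
```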