 From:  "Neil A. Hillard" <m0n0 at dana dot org dot uk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Denying Incoming Packets
 Date:  Tue, 15 Jan 2008 21:58:03 +0000
Andrew,

In message <478D27A5 dot 8030303 at mux dot org dot uk>, Andrew Boothman
<andrew at mux dot org dot uk> writes
>Everyone,
>
>Apologies for repeating this message from the web forum - but my
>message received no replies and I would much appreciate any response
>that anyone could give (including telling me if I'm not making
>sense!)...
>
>When I was using FreeBSD itself for NAT on my network I used to use the
>deny_incoming flag for natd
>(http://www.freebsd.org/cgi/man.cgi?query=natd) to ensure that I wouldn't
>get any incoming traffic that didn't match up with outgoing traffic.
>
>Is there an equivalent setting for m0n0wall, or is it not required?
>
>I haven't made many configuration changes (other than IP range
>settings) so is it OK to hook up my WAN port to my cable modem
>connection with the default configuration?
>
>The only Firewall or NAT rule set up is the default "Default LAN ->
>any" one.

You can rest easy as m0n0wall is stateful in that it will only allow
return traffic to established connections.

In your case, with your rules, m0n0wall will only allow incoming traffic
that is in response to a connection that one of your LAN devices has
initiated.

HTH,


                                Neil.

-- 
Neil A. Hillard                E-Mail:   m0n0 at dana dot org dot uk