 From:  Andrew Boothman <andrew at mux dot org dot uk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Denying Incoming Packets
 Date:  Tue, 15 Jan 2008 23:48:03 +0000
Neil A. Hillard wrote:
>> When I was using FreeBSD itself for NAT on my network I used to use the
>> deny_incoming flag for natd (http://www.freebsd.org/cgi/man.cgi?query=natd)
>> to ensure that I wouldn't get any incoming traffic that didn't
>> match up with outgoing traffic.
>> Is there an equivalent setting for m0n0wall, or is it not required?
>> I haven't made many configuration changes (other than IP range
>> settings) so is it OK to hook up my WAN port to my cable modem
>> connection with the default configuration?
>> The only Firewall or NAT rule set up is the default "Default LAN ->
>> any" one.
> You can rest easy as m0n0wall is stateful in that it will only allow
> return traffic to established connections.
> In your case, with your rules, m0n0wall will only allow incoming traffic
> that is in response to a connection that one of your LAN devices has
> initiated.


Thanks for your reply! For the avoidance of doubt, below is my 
config.xml file which should show that I mainly have a default 
configuration that I presume is safe to use on my public connection:

<?xml version="1.0"?>
             <descr>Default LAN -&gt; any</descr>
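The stateful behaviour Neil describes above, as an added example that is not part of this thread or of m0n0wall's own code: a toy packet filter with a single "Default LAN -> any" rule and a state table, run over a constructed trace (the LAN range and all addresses are assumptions).

```python
# Toy stateful filter: an added example, not m0n0wall's code. It models the
# behaviour described above: one "Default LAN -> any" pass rule plus a state
# table, so only replies to LAN-initiated flows get in from the WAN.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN_NET = ip_network("192.168.1.0/24")  # assumed LAN range (constructed)


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class StatefulFilter:
    def __init__(self) -> None:
        # 5-tuples of flows a LAN host has initiated
        self.states: set[tuple] = set()

    def filter(self, pkt: Packet) -> str:
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if ip_address(pkt.src) in LAN_NET:
            # "Default LAN -> any": pass and remember the flow
            self.states.add(key)
            return "pass"
        if reverse in self.states:
            # Return traffic for an established, LAN-initiated connection
            return "pass"
        # Unsolicited WAN packet with no matching state: dropped
        return "block"


def run_trace(packets: list[Packet]) -> list[str]:
    fw = StatefulFilter()
    return [fw.filter(p) for p in packets]


# Constructed sample trace (documentation addresses, not real hosts)
TRACE = [
    Packet("tcp", "192.168.1.10", 51234, "93.184.216.34", 80),  # LAN host opens HTTP
    Packet("tcp", "93.184.216.34", 80, "192.168.1.10", 51234),  # reply matches state
    Packet("tcp", "203.0.113.5", 4444, "192.168.1.10", 22),     # unsolicited inbound
    Packet("tcp", "93.184.216.34", 80, "192.168.1.10", 51235),  # wrong port, no state
]
# run_trace(TRACE) -> ['pass', 'pass', 'block', 'block']
```

This is why no deny_incoming-style flag is needed: an inbound packet is only passed when its reversed 5-tuple matches state created by outbound LAN traffic.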