Chris Buechler wrote:
> On Jan 15, 2008 6:48 PM, Andrew Boothman <andrew at mux dot org dot uk> wrote:
>> For the avoidance of doubt, below is my
>> config.xml file which should show that I mainly have a default
>> configuration that I presume is safe to use on my public connection:
>>
>
> You have no rules on the WAN, which means no traffic initiated from
> the Internet will be allowed.

Chris,

That's what I'd assumed - thanks for your input.

I guess my question stemmed from my confusion over exactly what that -deny_incoming on FreeBSD's natd was achieving.

It was my understanding that NAT was performing stateful inspection of incoming traffic, so it stood to reason that incoming traffic would be dropped if it didn't match an outgoing connection.

It appears from natd's man page http://www.freebsd.org/cgi/man.cgi?query=natd that natd would pass traffic through if this flag was not supplied, and the incoming packet was correctly addressed.

Hence me looking for something equivalent in m0n0wall's configuration.

Thanks again!

Andrew