 From:  Andrew Boothman <andrew at mux dot org dot uk>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Denying Incoming Packets
 Date:  Wed, 16 Jan 2008 00:28:58 +0000
Chris Buechler wrote:
> On Jan 15, 2008 6:48 PM, Andrew Boothman <andrew at mux dot org dot uk> wrote:
>>  For the avoidance of doubt, below is my
>> config.xml file which should show that I mainly have a default
>> configuration that I presume is safe to use on my public connection:
> You have no rules on the WAN, which means no traffic initiated from
> the Internet will be allowed.
That's what I'd assumed - thanks for your input.

I guess my question stemmed from my confusion over exactly what that 
-deny_incoming on FreeBSD's natd was achieving. It was my understanding 
that NAT was performing stateful inspection of incoming traffic, so it 
stood to reason that incoming traffic would be dropped if it didn't 
match an outgoing connection.

It appears from natd's man page 
http://www.freebsd.org/cgi/man.cgi?query=natd that natd would pass 
traffic through if this flag was not supplied, and the incoming packet 
was correctly addressed. Hence my looking for something equivalent in 
m0n0wall's configuration.

Thanks again!
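The behaviour discussed in this thread, as an added illustration that is not part of the original mail and not natd's or m0n0wall's own code: a small model of a NAT translation table that follows the natd(8) description of -deny_incoming. Outgoing packets create table entries; an incoming packet that matches an entry is translated back to the internal host, one that matches nothing is dropped when deny_incoming is set and otherwise passed through unchanged to the address it was sent to. The class name, the port allocation scheme and the RFC 5737 documentation addresses are constructed for the example.

```python
"""Model of natd's translation table, with and without -deny_incoming.

Constructed example; the only documented behaviour it follows is from
natd(8): incoming packets with no entry in the translation table are
dropped when -deny_incoming is given and passed through otherwise.
"""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class NatD:
    """Minimal stand-in for natd's translation table (name is illustrative)."""

    def __init__(self, alias_ip: str, deny_incoming: bool, first_port: int = 40000):
        self.alias_ip = alias_ip
        self.deny_incoming = deny_incoming
        self._next_port = first_port
        # (proto, alias port) -> (internal ip, internal port)
        self.table: Dict[Tuple[str, int], Tuple[str, int]] = {}
        # (proto, internal ip, internal port) -> alias port, to reuse entries
        self._reverse: Dict[Tuple[str, str, int], int] = {}

    def outgoing(self, pkt: Packet) -> Packet:
        """Rewrite an internal->Internet packet and record the mapping."""
        key = (pkt.proto, pkt.src, pkt.sport)
        alias_port = self._reverse.get(key)
        if alias_port is None:
            alias_port = self._next_port
            self._next_port += 1
            self._reverse[key] = alias_port
            self.table[(pkt.proto, alias_port)] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.alias_ip, sport=alias_port)

    def incoming(self, pkt: Packet) -> Optional[Packet]:
        """Return the translated packet, the untouched packet, or None (dropped)."""
        entry = self.table.get((pkt.proto, pkt.dport))
        if entry is not None:
            internal_ip, internal_port = entry
            return replace(pkt, dst=internal_ip, dport=internal_port)
        if self.deny_incoming:
            return None          # -deny_incoming: no table entry, drop it
        return pkt               # default: pass it through to the alias host


def demo(deny_incoming: bool) -> Tuple[Optional[Packet], Optional[Packet]]:
    """Run one outbound connection, its reply, and one unsolicited packet."""
    nat = NatD("203.0.113.10", deny_incoming)          # constructed public IP
    out = nat.outgoing(Packet("tcp", "192.168.1.20", 51000, "198.51.100.5", 80))
    # Reply to the connection above: matches the table, translated back.
    reply = nat.incoming(Packet("tcp", "198.51.100.5", 80, "203.0.113.10", out.sport))
    # Unsolicited packet to the public address: no table entry.
    unsolicited = nat.incoming(Packet("tcp", "198.51.100.99", 4444, "203.0.113.10", 22))
    return reply, unsolicited


if __name__ == "__main__":
    for flag in (False, True):
        reply, unsolicited = demo(flag)
        print(f"deny_incoming={flag}: reply -> {reply}")
        print(f"deny_incoming={flag}: unsolicited -> {unsolicited}")
```

The reply is translated in both modes; only the unsolicited packet differs, which is the distinction the flag controls. In m0n0wall the equivalent effect comes from the firewall rather than the NAT layer: with no pass rules on the WAN interface, unsolicited traffic is denied by default, while replies to outbound connections are allowed by state.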