And to block everything else your last rule should be
Any proto, LAN source, any port, WAN dest, any port, drop

--
=Wayne

On Thu, Nov 13, 2008 at 11:11 AM, Tim Nelson <tnelson at rockbochs dot com> wrote:
> You haven't actually said what type of problem you're having... however looking at your rules... I'd say there are a few changes you need to make.
>
> 1. Your port assignments should be in the "Destination" fields, not the "Source" fields.
> 2. Your rule for DNS should also/instead allow UDP.
> 3. Source should always be LAN net for that interface.
> 4. UDP is unneeded on protocols FTP, HTTPS, and SMTP.
>
> Please make those changes and post more information if the problems persist.
>
> Tim Nelson
> Systems/Network Support
> Rockbochs Inc.
> (218)727-4332 x105
>
> ----- "Nuno Meireles" <nuno dot meireles at cm dash penela dot pt> wrote:
>
>> I setup today a monowall box, but have some with the firewall rules.
>>
>> I need to allow traffic from lan->Wan : http ftp pop smtp and block
>> everything else.
>>
>> This is my setup
>>
>> Pro      Source   Port         Dest  Port
>> TCP      *        53 (DNS)     *     *
>> TCP      LAN net  80 (HTTP)    *     *
>> TCP      *        110 (POP3)   *     *
>> TCP/UDP  *        25 (SMTP)    *     *
>> TCP/UDP  *        443 (HTTPS)  *     *
>> TCP/UDP  *        21 (FTP)     *     *
>> TCP      LAN net  *            *     *
>>
>> Can you help???
>>
>> Nuno Meireles
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
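The checks suggested in this thread, applied mechanically to the posted rule table and to a corrected version. This is an added example and not part of the original messages; the `Rule` fields and `lint()` are hypothetical and do not reflect m0n0wall's own configuration format.

```python
# Added example: lint LAN->WAN rules against the advice given in this thread.
# The Rule fields and lint() are hypothetical, not m0n0wall's own config format.
from typing import NamedTuple

class Rule(NamedTuple):
    proto: str       # "TCP", "UDP", "TCP/UDP" or "any"
    src: str         # "LAN net" or "*"
    src_port: str    # "*" or a port number
    dst: str
    dst_port: str
    action: str = "pass"

TCP_ONLY = {"21": "FTP", "25": "SMTP", "443": "HTTPS"}  # UDP unneeded here

def lint(rules):
    """Return (rule_number, message) findings; rule_number 0 = whole ruleset."""
    findings = []
    for n, r in enumerate(rules, 1):
        if r.action != "pass":
            continue
        if r.src_port != "*" and r.dst_port == "*":
            findings.append((n, "port is in Source; move it to Destination"))
        if r.src != "LAN net":
            findings.append((n, "source should be LAN net"))
        port = r.dst_port if r.dst_port != "*" else r.src_port
        if port == "53" and "UDP" not in r.proto:
            findings.append((n, "DNS rule should also allow UDP"))
        if port in TCP_ONLY and "UDP" in r.proto:
            findings.append((n, f"UDP is unneeded for {TCP_ONLY[port]}"))
    last = rules[-1] if rules else None
    if not (last and last.action == "drop" and last.proto == "any"
            and last.src_port == "*" and last.dst_port == "*"):
        findings.append((0, "last rule should drop everything else"))
    return findings

# Constructed from the rule table posted in the thread (ports in Source column).
POSTED = [
    Rule("TCP", "*", "53", "*", "*"),
    Rule("TCP", "LAN net", "80", "*", "*"),
    Rule("TCP", "*", "110", "*", "*"),
    Rule("TCP/UDP", "*", "25", "*", "*"),
    Rule("TCP/UDP", "*", "443", "*", "*"),
    Rule("TCP/UDP", "*", "21", "*", "*"),
    Rule("TCP", "LAN net", "*", "*", "*"),
]
# The same services with the suggested changes applied, plus the catch-all drop.
FIXED = [Rule("TCP/UDP", "LAN net", "*", "*", "53")] + [
    Rule("TCP", "LAN net", "*", "*", p) for p in ("80", "110", "25", "443", "21")
] + [Rule("any", "LAN net", "*", "*", "*", "drop")]

if __name__ == "__main__":
    for n, msg in lint(POSTED):
        print(f"rule {n}: {msg}")
```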