 From:  Manuel Kasper <mk at neon1 dot net>
 To:  luki <luki at antos dash ecc dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] more than one OPT interface
 Date:  Wed, 10 Sep 2003 09:27:53 +0200 (CEST)
On Tue, 9 Sep 2003, luki wrote:

>    I'm trying to solve a problem with the 2nd OPT interface (ep0), which,
> even though it has its rules defined in the firewall ruleset, provides no
> IP filtering. I found in the status page that something added the
> following "pipe"
>
> =============== CUT HERE ==================
> ***** ipfw show *****
> 00100 216  74224 allow ip from XX.XX.80.1 to any
> 00200  55   5526 allow ip from any to XX.XX.80.1
> 00300 132   7920 pipe 1 ip from any to XX.XX.81.0/24 via ep0
> 00400 130   7800 pipe 2 ip from XX.XX.81.0/24 to any via ep0
> 65535 473 202634 allow ip from any to any
> =============== CUT HERE ==================
>
>  in my config but have no idea where to switch off such an "option".
>
> It seems that the subnet behind the interface has no restrictions.

ipfw is only used for the traffic shaper. Look for the output of ipfstat
-hio if you're interested in the filter rules.

- Manuel
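
Added example, not part of the original messages: a small Python parser run over the `ipfw show` listing quoted above. It shows that the listing holds only allow and pipe (shaper) rules and nothing that blocks, which fits the reply that the filter rules are the ones shown by `ipfstat -hio`. The function names and the action groupings are this example's own choices.

```python
import re

# Listing copied from the quoted message above (addresses masked as posted).
IPFW_SHOW = """\
***** ipfw show *****
00100 216  74224 allow ip from XX.XX.80.1 to any
00200  55   5526 allow ip from any to XX.XX.80.1
00300 132   7920 pipe 1 ip from any to XX.XX.81.0/24 via ep0
00400 130   7800 pipe 2 ip from XX.XX.81.0/24 to any via ep0
65535 473 202634 allow ip from any to any
"""

# rule number, packet counter, byte counter, action keyword, rest of the rule
RULE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s+(.*)$")
SHAPING = {"pipe", "queue"}                      # dummynet: shaping, not access control
BLOCKING = {"deny", "drop", "reject", "unreach", "reset"}
ALLOWING = {"allow", "accept", "pass", "permit"}

def parse(listing):
    """Return one dict per rule line of `ipfw show` output."""
    rules = []
    for line in listing.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue  # skip banners such as '***** ipfw show *****'
        num, pkts, nbytes, action, rest = m.groups()
        via = re.search(r"\bvia\s+(\S+)", rest)
        rules.append({"num": int(num), "packets": int(pkts), "bytes": int(nbytes),
                      "action": action, "via": via.group(1) if via else None})
    return rules

def summarize(rules):
    """Group rule numbers by what the action does to a matching packet."""
    out = {"shaping": [], "blocking": [], "allow": [], "other": []}
    for r in rules:
        if r["action"] in SHAPING:
            out["shaping"].append(r["num"])
        elif r["action"] in BLOCKING:
            out["blocking"].append(r["num"])
        elif r["action"] in ALLOWING:
            out["allow"].append(r["num"])
        else:
            out["other"].append(r["num"])
    return out

if __name__ == "__main__":
    print(summarize(parse(IPFW_SHOW)))
```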