 
 From:  Mohamed Badri <mohamed at netbadri dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Rules order
 Date:  Thu, 29 Apr 2004 10:50:44 +0200
Hello,

Just a question about how monowall generates firewall rules
from the XML file:

I want to let the 10.0.0.0/8 subnet pass on one optional interface, but
on all optional interfaces there is a rule that denies all subnets except the
subnet of the interface.
Something like:

...
@23 block in log quick on em6 from !192.168.8.0/24 to any
@24 block in log quick on em8 from !192.168.1.0/24 to any
@25 block in log quick on em9 from !192.168.6.0/24 to any
...

For example, what should I do if I want to accept subnet 10.0.0.0/8 on interface em9?
If I add a rule that lets this subnet pass, the rule is added after this list.

So the 10.0.0.0/8 subnet can't be routed through this interface.

Thank you.

-----------------------------------------------------------
...
@17 block in log quick on bge0 from !192.168.10.0/24 to any
@18 block in log quick on em0 from !192.168.2.0/24 to any
@19 block in log quick on em1 from !192.168.4.0/24 to any
@20 block in log quick on em2 from !192.168.7.0/24 to any
@21 block in log quick on em4 from !192.168.3.0/24 to any
@22 block in log quick on em5 from !192.168.5.0/24 to any
@23 block in log quick on em6 from !192.168.8.0/24 to any
@24 block in log quick on em8 from !192.168.1.0/24 to any
@25 block in log quick on em9 from !192.168.6.0/24 to any
@26 block in log quick on bge1 from 10.0.0.0/8 to any
@27 block in log quick on bge1 from 127.0.0.0/8 to any
@28 block in log quick on bge1 from 172.16.0.0/12 to any
@29 block in log quick on bge1 from 192.168.0.0/16 to any
@30 skip 1 in proto tcp from any to any flags S/FSRA
@31 block in log quick proto tcp from any to any
@32 block in log quick on bge0 from any to any head 100
@33 block in log quick on bge1 from any to any head 200
@34 block in log quick on em0 from any to any head 300
@35 block in log quick on em1 from any to any head 400
@36 block in log quick on em2 from any to any head 500
@37 block in log quick on em4 from any to any head 700
@38 block in log quick on em5 from any to any head 800
@39 block in log quick on em6 from any to any head 900
@40 block in log quick on em8 from any to any head 1100
@41 block in log quick on em9 from any to any head 1200
@1 pass in quick proto tcp from 10.0.0.0/8 to 192.168.2.1/32 port = 110 keep state group 1200
@42 block in log quick from any to any

---------------------------
http://webmail.netbadri.com
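
An added example, not part of the original message and not m0n0wall code: a small first-match evaluator for the em8/em9 rules from the listing above, showing which `quick` rule decides a packet before the `group 1200` pass rule is reached. It is a simplified model that matches only on interface and source address (protocol, destination, port, flags and state are ignored), and the function names are made up for this sketch.

```python
import ipaddress

# Excerpt of the listing in the message (em8/em9 rules, wrapped rule rejoined).
LISTING = """\
@24 block in log quick on em8 from !192.168.1.0/24 to any
@25 block in log quick on em9 from !192.168.6.0/24 to any
@41 block in log quick on em9 from any to any head 1200
@1 pass in quick proto tcp from 10.0.0.0/8 to 192.168.2.1/32 port = 110 keep state group 1200
@42 block in log quick from any to any
"""

def parse(line):
    """Split one listing line into the fields this model looks at."""
    tok = line.split()
    def after(word):
        return tok[tok.index(word) + 1] if word in tok else None
    src = after("from")
    return {"num": tok[0], "action": tok[1], "quick": "quick" in tok,
            "iface": after("on"), "negate": src.startswith("!"),
            "src": src.lstrip("!"), "head": after("head"), "group": after("group")}

RULES = [parse(l) for l in LISTING.splitlines()]

def src_matches(rule, src_ip):
    hit = rule["src"] == "any" or (
        ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule["src"]))
    return hit != rule["negate"]          # "!" inverts the source match

def decide(rules, iface, src_ip, group=None):
    """Return (rule number, action) of the first matching quick rule."""
    for r in rules:
        if r["group"] != group or not r["quick"]:
            continue                      # rule belongs to another group
        if r["iface"] not in (None, iface) or not src_matches(r, src_ip):
            continue
        if r["head"]:                     # descend into the group it heads
            inner = decide(rules, iface, src_ip, group=r["head"])
            if inner:
                return inner
        return r["num"], r["action"]      # quick: evaluation stops here
    return None

if __name__ == "__main__":
    print(decide(RULES, "em9", "10.1.2.3"))   # decided by @25
    without_25 = [r for r in RULES if r["num"] != "@25"]
    print(decide(without_25, "em9", "10.1.2.3"))  # now reaches @1 in group 1200
```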