 From:  "Thomas Hertz" <term at cynisk dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] default ruleset
 Date:  Fri, 28 May 2004 20:40:00 +0200
You can see for yourself using "ipfstat -o" in the exec.php that this is so.

$ ipfstat -o
pass out quick on lo0 from any to any
pass out quick on sis1 proto udp from 192.168.0.1/32 port = 67 to any port = 68
pass out quick on sis0 proto udp from any port = 68 to any port = 67
pass out quick on sis1 from any to any keep state
pass out quick on sis0 from any to any keep state
pass out quick on sis2 from any to any keep state
block out log quick from any to any

The same goes for "ipfstat -i", for inwards.

// Thomas Hertz

> -----Original Message-----
> From: Adam Nellemann [mailto:adam at nellemann dot nu]
> Sent: den 28 maj 2004 20:35
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] default ruleset
> 
> nicolas bussieres wrote:
> > By default everything is blocked inbound and everything is open outbound on
> > the lan->wan interface
> > if you add an extra NIC, you have to add rules as everything is blocked
> > inbound/outbound
> 
> Huh! Does this mean that for the LAN, unlike for the WAN, I need to
> add a "Block all" rule at the bottom of my list of LAN rules, if I
> don't want m0n0wall to pass everything from LAN to WAN?
> 
> I had the impression that m0n0wall came with ALL interfaces blocked by
> default?!?
> 
> Please enlighten me, as I will need to make some changes in my
> firewall rules if this is true...
> 
> 
> Thanks,
> 
> Adam.
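
Added example, not part of the original message or of m0n0wall's own code: a Python sketch that parses the `ipfstat -o` output quoted in the reply above and evaluates packets against it the way ipf does (last match wins unless the rule is `quick`), so the catch-all pass rules ahead of the final block become visible. The regex covers only the rule syntax seen in that output; the packet addresses and the interface name `sis3` used with it are constructed assumptions.

```python
import ipaddress
import re

# Output quoted in the message above, with the wrapped line rejoined.
IPFSTAT_O = """\
pass out quick on lo0 from any to any
pass out quick on sis1 proto udp from 192.168.0.1/32 port = 67 to any port = 68
pass out quick on sis0 proto udp from any port = 68 to any port = 67
pass out quick on sis1 from any to any keep state
pass out quick on sis0 from any to any keep state
pass out quick on sis2 from any to any keep state
block out log quick from any to any
"""

RULE = re.compile(
    r"(?P<action>pass|block) (?:in|out)(?: log)?(?P<quick> quick)?"
    r"(?: on (?P<iface>\S+))?(?: proto (?P<proto>\S+))?"
    r" from (?P<src>\S+)(?: port = (?P<sport>\d+))?"
    r" to (?P<dst>\S+)(?: port = (?P<dport>\d+))?(?: keep state)?$")

def parse(text):
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = RULE.match(line)
        if m is None:
            raise ValueError(f"unsupported rule syntax: {line!r}")
        rules.append(m.groupdict())
    return rules

def _addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def decide(rules, iface, proto, src, sport, dst, dport):
    """Verdict for a packet on iface; None if no rule matches."""
    verdict = None
    for r in rules:
        if (r["iface"] in (None, iface) and r["proto"] in (None, proto)
                and _addr_ok(r["src"], src) and _addr_ok(r["dst"], dst)
                and r["sport"] in (None, str(sport)) and r["dport"] in (None, str(dport))):
            verdict = r["action"]      # last matching rule wins ...
            if r["quick"]:             # ... unless it is 'quick'
                break
    return verdict

def catch_all_pass_ifaces(rules):
    """Interfaces with an unrestricted 'pass ... from any to any' rule."""
    return sorted(r["iface"] for r in rules if r["action"] == "pass"
                  and r["iface"] and not (r["proto"] or r["sport"] or r["dport"])
                  and r["src"] == r["dst"] == "any")
```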