 From:  Jukka Salmi <j+m0n0wall at 2004 dot salmi dot ch>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] interfering filter rule
 Date:  Fri, 23 Jul 2004 18:32:37 +0200
Hi,

Vincent Fleuranceau --> m0n0wall (2004-07-23 16:54:42 +0200):
> >has explicit rules to let these connections pass they are blocked
> >because of an automatically generated rule which is evaluated
> >earlier:
> 
> >Is this a bug in m0n0wall or am I missing something?
> 
> There are hard-coded rules (anti-spoof check for LAN and OPT interfaces)
> in m0n0wall that cannot be disabled. Because of the "quick" keyword,
> user-defined rules (which come after the anti-spoof check) have no
> effect... Not a bug, a design choice. Sorry :-(
> 
> Read the code in filer.inc and you'll see why.

Ah, yes, I see.

...and thanks to the firmware upload option in the webGUI it is easy
to fix permanently without having to have physical access to the
device. What a great software package!


Cheers, Jukka

-- 
bashian roulette:
$ ((RANDOM%6)) || rm -rf ~
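
The rule-ordering effect discussed in this thread, as an added example that is not part of the original message or of m0n0wall's code: a small model of ipfilter-style evaluation, where the last matching rule wins unless a matching rule carries "quick". The interface name, the addresses and both rules are constructed assumptions, not the rules m0n0wall actually generates.

```python
import ipaddress

# Constructed ruleset modelled on the thread: an auto-generated anti-spoof
# rule with "quick" placed before a user-defined pass rule. Interface name
# and networks are assumptions, not m0n0wall's real generated rules.
RULES = [
    # (action, quick, interface, source network, negate source match)
    ("block", True,  "lan0", "192.168.1.0/24", True),   # anti-spoof: from !LAN net
    ("pass",  False, "lan0", "10.0.0.0/8",     False),  # user rule, comes later
]

def matches(rule, iface, src):
    """True if the packet's interface and source address match the rule."""
    _, _, r_iface, net, negate = rule
    if iface != r_iface:
        return False
    inside = ipaddress.ip_address(src) in ipaddress.ip_network(net)
    return inside != negate

def evaluate(rules, iface, src, default="block"):
    """Last matching rule wins, except that a matching rule marked
    quick ends evaluation immediately."""
    verdict, decided_by = default, None
    for index, rule in enumerate(rules):
        if matches(rule, iface, src):
            verdict, decided_by = rule[0], index
            if rule[1]:  # quick: stop here, later rules are never consulted
                break
    return verdict, decided_by

def without_quick(rules):
    """Same rules with the quick flag cleared, for comparison."""
    return [(a, False, i, n, neg) for (a, _, i, n, neg) in rules]

if __name__ == "__main__":
    pkt = ("lan0", "10.1.2.3")  # constructed packet from a non-LAN source
    print("with quick:   ", evaluate(RULES, *pkt))
    print("without quick:", evaluate(without_quick(RULES), *pkt))
```

The index returned alongside the verdict shows which rule decided the packet, which is the quickest way to see that the user-defined rule is never reached.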