|
||||||||
> Von: Jon Tackabury <jtackabury at binaryfortress dot com> > Datum: Thu, 29 Jul 2004 08:53:24 -0400 > An: m0n0wall at lists dot m0n0 dot ch > Betreff: [m0n0wall] Destinatin Interfaces & NAT > > Question 1: Is it possible to specify a destination interface for the > ruleset? I need to say something like "Drop All UDP traffic going out > the OPT1 interface" but I can only seem to specify a destination address. i am missing that too!!! > > Question 2: Do the filter rules get processed before that NAT rules? > Like if I create a rule that says "Drop all traffic from 192.168.1.50", > will it still get NAT'd out to the WAN? nat happens before looking at the rules. this means your ruleset only "sees" the already natted ips. lola |