 From:  "Martin Holst" <mail at martinh dot dk>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: LAN + DMZ + DMZ2 (firewall rules)
 Date:  Mon, 20 Oct 2003 23:44:26 +0200
Okay it WAS a stupid question.
I just installed it and tried my own last suggestion, and it works ;o)

-----Original Message-----
From: Martin Holst [mailto:mail at martinh dot dk] 
Sent: 20. oktober 2003 23:14
To: m0n0wall at lists dot m0n0 dot ch
Subject: [m0n0wall] LAN + DMZ + DMZ2 (firewall rules)

This is probably a noob question, but I'm used to Cisco access lists, so
I need to be sure that I get this right.
Any traffic is blocked until a rule permits it... even LAN->WAN (and
DMZ->WAN) traffic?
The idea is to set up three LANs for: wired LAN, wireless and server
(LAN, DMZ and DMZ2), all of them with full internet access but limited
or no access to each other.
If configuring rules for LAN you can only invert permission for one
subnet like DMZ but that would still give access to DMZ2, right?
I know it's mentioned under caveats as being "cumbersome" but is there
really any way?
Could you invert permission for e.g. /16 and then add
pinholes afterward?
Great product by the way!!