I am not aware that the default rule on the LAN interface is any different
to user configured rules. From my experimentation on v1.1 it is fully
editable like any other rule. If it doesn't do what you require you can
simply edit or delete it.
One way to solve your problem would be to leave the rule in place and create
a couple of rules above it to explicitly block HTTPS TCP connections from
your LAN subnet to both the LAN and the WAN interface IPs. 'LAN subnet ->
Any' literally means just that, including your WAN interface IP.
>From: CARL dot P dot HIRSCH at sargentlundy dot com
>[mailto:CARL dot P dot HIRSCH at sargentlundy dot com]
>Sent: 20 September 2004 21:56
>To: m0n0wall at lists dot m0n0 dot ch
>Subject: [m0n0wall] Blocking WebGUI on LAN interface (editing default
>I'm in the process of setting up a m0n0wall box to act as a
>on an untrusted wireless LAN. That being the case, my LAN and WAN
>interfaces are sort of reversed from a typical install. My LAN
>untrusted... the WAN interface is more trusted than the LAN
>I'd like to prevent untrusted LAN users from accessing the
>WebGUI or SSH.
>I spent some time searching the list archives and saw that there's an
>implicit allow rule in the configuration that allows traffic to the LAN
>gateway interface from the LAN segment. It looks like this
>rule can not be
>edited via the GUI to prevent the user from accidentally shutting
>themselves off from being able to manage the m0n0wall. I have
>inbound from the WAN interface, so I'm comfortable disabling
>traffic to the
>LAN gateway from the LAN segment.
>Is there a text file on the system where I can comment out
>allow, or is there some other way of disabling traffic to the LAN
>Thanks for all the work on m0n0wall - it's a great system.
JET PRESS LIMITED
Tel: +44-1623-551 800
Fax: +44-1623-551 175
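
The rule ordering suggested in the reply above, modelled as an added Python example (not m0n0wall code and not part of the original message). It assumes top-down, first-match evaluation with an implicit deny at the end; the subnet, interface addresses and client address are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing for illustration; not taken from the thread.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
LAN_IP = ipaddress.ip_address("192.168.1.1")
WAN_IP = ipaddress.ip_address("10.0.0.2")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str = "any"
    dport: Optional[int] = None      # None matches any port
    descr: str = ""

def host(ip):
    """Express a single interface address as a /32 destination."""
    return ipaddress.ip_network(f"{ip}/32")

def evaluate(rules, src, dst, proto, dport):
    """Assumed semantics: top-down, first match wins, implicit deny at the end."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if (src in r.src and dst in r.dst
                and r.proto in ("any", proto)
                and r.dport in (None, dport)):
            return r.action
    return "block"

DEFAULT_ONLY = [Rule("pass", LAN_NET, ANY, descr="Default LAN subnet -> any")]
HARDENED = [
    Rule("block", LAN_NET, host(LAN_IP), "tcp", 443, "No WebGUI via LAN IP"),
    Rule("block", LAN_NET, host(WAN_IP), "tcp", 443, "No WebGUI via WAN IP"),
] + DEFAULT_ONLY

def report(rules, client="192.168.1.50"):
    """Verdicts for HTTPS from one LAN client to the firewall and to the internet."""
    targets = {"lan_ip": LAN_IP, "wan_ip": WAN_IP, "internet": "203.0.113.10"}
    return {name: evaluate(rules, client, str(ip), "tcp", 443)
            for name, ip in targets.items()}

if __name__ == "__main__":
    print("default only:", report(DEFAULT_ONLY))
    print("hardened:    ", report(HARDENED))
```

With only the default rule, HTTPS from the LAN client reaches the WAN interface address as well as the LAN one; with the two block rules placed above it, both are refused while other outbound traffic still matches the default rule.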