Re: [m0n0wall] Blocking WebGUI on LAN interface (editing default firewall rule)

From:	Chris Buechler <cbuechler at gmail dot com>
To:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Blocking WebGUI on LAN interface (editing default firewall rule)
Date:	Tue, 21 Sep 2004 22:24:30 -0400

On Tue, 21 Sep 2004 07:59:10 +0100, David Cook <david dot cook at jetpress dot com> wrote:
> Hi Carl,
> 
> I am not aware that the default rule on the LAN interface is any different
> to user configured rules. From my experimentation on v1.1 it is fully
> editable like any other rule. If it doesn't do what you require you can
> simply edit or delete it.
> 

No you can't.  There's an implicit allow all to the LAN interface's
IP, and it's put in on the back end somewhere.


> One way to solve your problem would be to leave the rule in place and create
> a couple of rules above it to explicitly block HTTPS TCP connections from
> your LAN subnet to both the LAN and the WAN interface IPs. 'LAN subnet ->
> Any' literally means just that including your WAN interface IP.
> 

You can't put anything above that rule on the LAN that's put in by the
back end.

My last post on it was here, and I have yet to get a response:

http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=88&actionargs[]=18

-Chris