 
 From:  David Cook <david dot cook at jetpress dot com>
 To:  "'m0n0wall at lists dot m0n0 dot ch'" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Blocking WebGUI on LAN interface (editing default firewall rule)
 Date:  Wed, 22 Sep 2004 08:03:46 +0100
Sorry, my mistake. I wasn't aware of the hardcoded rule and wrongly assumed
Carl was referring to the default 'LAN subnet -> Any' firewall rule in the
GUI.

In this case the simplest way round is to run the Captive Portal on a third
optional interface where you get full control of the firewall rules. This is
probably stating the obvious though. :-)

>-----Original Message-----
>From: Chris Buechler [mailto:cbuechler at gmail dot com]
>Sent: 22 September 2004 03:25
>To: m0n0wall at lists dot m0n0 dot ch
>Subject: Re: [m0n0wall] Blocking WebGUI on LAN interface (editing
>default firewall rule)
>
>
>On Tue, 21 Sep 2004 07:59:10 +0100, David Cook <david dot cook at jetpress dot com> wrote:
>> Hi Carl,
>> 
>> I am not aware that the default rule on the LAN interface is any different
>> to user configured rules. From my experimentation on v1.1 it is fully
>> editable like any other rule. If it doesn't do what you require you can
>> simply edit or delete it.
>> 
>
>No you can't.  There's an implicit allow all to the LAN interface's
>IP, and it's put in on the back end somewhere.
>
>
>> One way to solve your problem would be to leave the rule in place and create
>> a couple of rules above it to explicitly block HTTPS TCP connections from
>> your LAN subnet to both the LAN and the WAN interface IPs. 'LAN subnet ->
>> Any' literally means just that including your WAN interface IP.
>> 
>
>You can't put anything above that rule on the LAN that's put in by the
>back end.
>
>My last post on it was here, and I have yet to get a response:
>
>http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=88&actionargs[]=18
>
>-Chris
>
