-------- Original Message --------
> You can't put anything above that rule on the LAN that's put in by
> the back end.
> My last post on it was here, and I have yet to get a response:
The definitive answer is: IT'S NOT POSSIBLE because a hard coded rule
(with the "quick" option set) prevents it. All user-generated rules are
simply **ignored** (because of the "quick" option).
See below what the source reads:
# make sure the user cannot lock himself out of the webGUI
pass in quick from $lansa/$lansn to $lanip keep state group 100
This line comes *before* any user defined rule.
Please download the source and read the entire /etc/inc.filter.inc file!
This is not a bug but a design choice. I think Manuel does not want to
have 50 people every week asking for assistance because they have locked
themselves out of m0n0wall.
If someone really need this as a feature, he/she will have to modify
filter.inc and rebuild the image. The WebGUI won't help at all.
Please let me know if I'm wrong.