[ previous ] [ next ] [ threads ]
 
 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Vincent Fleuranceau <vincent at bikost dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Blocking WebGUI on LAN interface (editing default firewall rule)
 Date:  Wed, 22 Sep 2004 09:21:32 +0200
On 22.09.2004 09:06 +0200, Vincent Fleuranceau wrote:

> # make sure the user cannot lock himself out of the webGUI
> pass in quick from $lansa/$lansn to $lanip keep state group 100
> 
> This line comes *before* any user defined rule.
> 
> Please download the source and read the entire /etc/inc.filter.inc
> file!
> 
> This is not a bug but a design choice. I think Manuel does not want
> to have 50 people every week asking for assistance because they
> have locked themselves out of m0n0wall.

Exactly! And I'm 200% sure that would happen if it wasn't for that
rule. Still, the next beta release will probably have an option that
allows you to specify one IP address of a "management host" to only
accept webGUI traffic from that IP address. That will have to do.

- Manuel