[ previous ] [ next ] [ threads ]
 
 From:  CARL dot P dot HIRSCH at sargentlundy dot com
 To:  Manuel Kasper <mk at neon1 dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch, Vincent Fleuranceau <vincent at bikost dot com>
 Subject:  Re: [m0n0wall] Blocking WebGUI on LAN interface (editing default firewall rule)
 Date:  Wed, 22 Sep 2004 11:39:38 -0500
Thanks for the replies.

Being able to define a "management host" would probably suit me just fine.

Between this and being able to do local authentication, I'll be looking
forward eagerly to the next beta.

-carl



                                                                                                    
                                  
                      Manuel Kasper                                                                 
                                  
                      <mk at neon1 dot net>           To:       Vincent Fleuranceau <vincent at bikost dot com>   
                                  
                                               cc:       m0n0wall at lists dot m0n0 dot ch                     
                                  
                      09/22/04 02:21 AM        Subject:  Re: [m0n0wall] Blocking WebGUI on LAN
interface (editing default firewall     
                                                rule)                                               
                                  
                                                                                                    
                                  




On 22.09.2004 09:06 +0200, Vincent Fleuranceau wrote:

> # make sure the user cannot lock himself out of the webGUI
> pass in quick from $lansa/$lansn to $lanip keep state group 100
>
> This line comes *before* any user defined rule.
>
> Please download the source and read the entire /etc/inc.filter.inc
> file!
>
> This is not a bug but a design choice. I think Manuel does not want
> to have 50 people every week asking for assistance because they
> have locked themselves out of m0n0wall.

Exactly! And I'm 200% sure that would happen if it wasn't for that
rule. Still, the next beta release will probably have an option that
allows you to specify one IP address of a "management host" to only
accept webGUI traffic from that IP address. That will have to do.

- Manuel

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch