Thanks for the replies.
Being able to define a "management host" would probably suit me just fine.
Between this and being able to do local authentication, I'll be looking
forward eagerly to the next beta.
-carl
Manuel Kasper
<mk at neon1 dot net> To: Vincent Fleuranceau <vincent at bikost dot com>
cc: m0n0wall at lists dot m0n0 dot ch
09/22/04 02:21 AM Subject: Re: [m0n0wall] Blocking WebGUI on LAN
interface (editing default firewall
rule)
On 22.09.2004 09:06 +0200, Vincent Fleuranceau wrote:
> # make sure the user cannot lock himself out of the webGUI
> pass in quick from $lansa/$lansn to $lanip keep state group 100
>
> This line comes *before* any user defined rule.
>
> Please download the source and read the entire /etc/inc.filter.inc
> file!
>
> This is not a bug but a design choice. I think Manuel does not want
> to have 50 people every week asking for assistance because they
> have locked themselves out of m0n0wall.
Exactly! And I'm 200% sure that would happen if it wasn't for that
rule. Still, the next beta release will probably have an option that
allows you to specify one IP address of a "management host" to only
accept webGUI traffic from that IP address. That will have to do.
- Manuel
---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch | 