[ previous ] [ next ] [ threads ]
 From:  Chris Buechler <cbuechler at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Blocking WebGUI on LAN interface (editing default firewall rule)
 Date:  Tue, 21 Sep 2004 22:24:30 -0400
On Tue, 21 Sep 2004 07:59:10 +0100, David Cook <david dot cook at jetpress dot com> wrote:
> Hi Carl,
> I am not aware that the default rule on the LAN interface is any different
> to user configured rules. From my experimentation on v1.1 it is fully
> editable like any other rule. If it doesn't do what you require you can
> simply edit or delete it.

No you can't.  There's an implicit allow all to the LAN interface's
IP, and it's put in on the back end somewhere.

> One way to solve your problem would be to leave the rule in place and create
> a couple of rules above it to explicitly block HTTPS TCP connections from
> your LAN subnet to both the LAN and the WAN interface IPs. 'LAN subnet ->
> Any' literally means just that including your WAN interface IP.

You can't put anything above that rule on the LAN that's put in by the
back end.

My last post on it was here, and I have yet to get a response: