[ previous ] [ next ] [ threads ]
 From:  Josh <josh at nemesis dot net>
 To:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Cc:  "Jim Gifford" <baadpuppy at gmail dot com>
 Subject:  Re: [m0n0wall] Problem with deployment (timeout related)...
 Date:  Sat, 02 Oct 2004 19:22:36 -0700
On Sat, 2 Oct 2004 11:18:14 -0400, Jim Gifford <baadpuppy at gmail dot com> wrote:

>> Just want to chime in -
>> I know this wasn't m0n0's original purpose, but it's inclusion of
>> VLAN support makes it _very_ attractive for the ISP managed
>> firewall environment.  Not many commercial firewalls support
>> an unlimited number of vlans - and they are pricey.
>> The other thing m0n0 would need (if I'm understanding the
>> rulesets right) is having an outbound firewall rule for
>> 'WAN' instead of 'ANY'   (ie - to allow isolation between
>> different OPT interfaces).  I would love to see this in the
>> next beta as it would have other benefits as well.

> If you don't like the default NAT rule of "allow LAN to ANY" then just
> go to the menu Firewall->NAT and select the Outbound tab and check
> "Enable advanced outbound NAT".  This disables all the default rules.
> Then you can make all the rules exactly as you wish them to be.


I probably wasn't clear enough originally.  This is not in reference
to the default rule specifically - but any rule used for
internet bound (or WAN port bound) traffic.  Currently the only
way to specify this type of traffic is 'ANY', while it would be
much more useful to be able to specify 'WAN'.  Otherwise it's
impossible to define a policy that goes out to the WAN port
without punching a whole in the firewall into OPT1 / OPT2 etc.

I hope that's more clear.