Topic: Outgoing filtering rules on interfaces  (Read 1721 times)
« on: October 08, 2007, 14:07:01 »
tonix *
Posts: 3

It would be great to have outgoing filtering rules on interfaces.
This would allow much more flexibility and easiness of rules management.

Example:
    Interfaces: WAN (Internet), LAN1 (MY WEB), LAN2 (Customer WEB)

Actually, if I want to filter requests to LAN1, I have to put rules both on WAN and LAN2 input.
Instead, I'd love to put filters only on LAN1 interface output.

I feel it would not be too complicated to add this second phase filter.

Thanks,

Tonino
« Reply #1 on: October 19, 2007, 13:41:54 »
tonix *
Posts: 3

I'm watching "man ipfw" and I feel it could be done, using the skipto command.

Rules (for each interface) should be separated in two boxes:
 - Incoming rules
 - Outgoing rules

The IPFW command sequence should be split into two parts:
0-32000 "Incoming Rules"
32001-65000 "Outgoing Rules"

"Allow" commands executed within "Incoming Rules" should be changed to "skipto 32001", and IPFW instructions for "Outgoing Rules" interfaces should start at 32001.

This would allow a more simple management of complex situations, and an improved security schema.
When you have dozens of VLANs and/or interfaces, their management would be a lot more simple and safe.

Any thought?

Tonino

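The two-phase layout Tonino sketches above, written out as an added example (this is not code from the thread or from any firewall distribution). Interface names (em0/em1/em2) and the addresses (TEST-NET ranges) are constructed for the example. The script defaults to a dry run that only prints the ipfw commands; set IPFW=/sbin/ipfw to load them. One detail the post does not mention and that the example has to handle: ipfw evaluates a forwarded packet twice, once on input and once on output, and a skipto taken during the input pass does not carry over to the output pass, so rule 32001 must end the input pass with an allow and the outgoing rules must be qualified with "out via" so that the output pass falls through the incoming phase and reaches them.

```shell
#!/bin/sh
# Two-phase ipfw ruleset in the layout proposed in the thread (added example).
#   1-32000     : per-interface "incoming" rules, matched with "in via <if>";
#                 accepted traffic does "skipto 32001" instead of "allow".
#   32001-65000 : per-interface "outgoing" rules, matched with "out via <if>";
#                 the policy for traffic *to* LAN1 lives only in the LAN1 block.
# IPFW defaults to "echo ipfw" (dry run); use IPFW=/sbin/ipfw on the firewall.

IPFW="${IPFW:-echo ipfw}"

WAN=em0                   # Internet (constructed name)
LAN1=em1                  # "MY WEB" (constructed name)
LAN2=em2                  # "Customer WEB" (constructed name)
WEB1=192.0.2.10           # web server on LAN1 (TEST-NET-1, constructed)
LAN1_NET=192.0.2.0/24     # constructed
LAN2_NET=198.51.100.0/24  # TEST-NET-2, constructed

load_rules() {
    $IPFW -f flush

    # ---- Phase 1: incoming rules (1-32000) ----
    # WAN: only web traffic towards the LAN1 server is handed to phase 2.
    $IPFW add 1000 skipto 32001 tcp from any to $WEB1 80 in via $WAN
    $IPFW add 1999 deny ip from any to any in via $WAN
    # LAN1: the server's own traffic (its replies) may proceed to phase 2.
    $IPFW add 2000 skipto 32001 ip from $LAN1_NET to any in via $LAN1
    $IPFW add 2999 deny ip from any to any in via $LAN1
    # LAN2: customer hosts may start anything; phase 2 decides where it may go.
    $IPFW add 3000 skipto 32001 ip from $LAN2_NET to any in via $LAN2
    $IPFW add 3999 deny ip from any to any in via $LAN2
    # Catch-all closing the incoming phase.
    $IPFW add 32000 deny ip from any to any in

    # ---- Phase 2: outgoing rules (32001-65000) ----
    # ipfw runs a forwarded packet through the ruleset on input and again on
    # output, and skipto does not persist between passes: 32001 terminates the
    # input pass for accepted packets, and the output pass (which matches none
    # of the "in" rules above) falls through to the "out via" blocks below.
    $IPFW add 32001 allow ip from any to any in
    # LAN1 ("MY WEB"): the single place where access to the web server is decided.
    $IPFW add 32100 allow tcp from any to $WEB1 80 out via $LAN1
    $IPFW add 32199 deny ip from any to any out via $LAN1
    # LAN2 and WAN: anything that passed phase 1 may leave here.
    $IPFW add 32200 allow ip from any to any out via $LAN2
    $IPFW add 32300 allow ip from any to any out via $WAN
    # Explicit default deny.
    $IPFW add 65000 deny ip from any to any
}

# Print the ruleset without loading it, whatever IPFW is set to.
dry_run() {
    ( IPFW="echo ipfw"; load_rules )
}

# Sanity check for the scheme: rule numbers of "allow" actions inside the
# incoming phase. With the skipto convention this must print nothing.
incoming_allows() {
    dry_run | awk '$2 == "add" && $3 + 0 <= 32000 && $4 == "allow" { print $3 }'
}

load_rules
```

Run the script as-is to review the generated rules; `incoming_allows` is the check to repeat after every edit, because a stray `allow` in the first phase would bypass the per-interface outgoing policy entirely.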