Bogus

[PROTO:]

I've created multiple VLANs on one NIC and then added firewall rules.
One of this rules, on VLAN50, is the following:
PROTO:ICMP
SOURCE:LAN50net
PORT:*
DESTINATION:195.xxx.xxx.xxx
PORT:*
With that rule I allow ping to destination 195.xxx.xxx.xxx
before "APPLY CHANGES", ping is not working (OK)
after "APPLY CHANGES" ping is working (OK)
Then I disable the rule and "APPLY CHANGES" and ping is still working (NOT OK)
In order to really apply changes I have to rebbot m0n0wall (ver 1.232 for generic-pc).
Is it a bug, or I miss something?

The rule has been finally applied after an 1hour and 10 minutes delay...

I guess that some states do not get reset in the firewall after applying the rule.....

Instead of icmp I've tried http and it's working just fine.
I'll try all the protocols I'm interesting in, just to be sure...
m0n0wall is great anyway!



I don't think its stateful filtering.
I stoped ping then started again.
After a while started and stoped again
and again and again ...

This is normal behavior; existing connections are not affected by changes to firewall rules (stateful filtering). If you want to kill existing connections without rebooting, you can use the "Reset state" page.