Topic: M0n0s firewall is only one direction, right?  (Read 2495 times)
« on: July 19, 2008, 08:54:50 »
Seb74 ***
Posts: 115

Am I right that all firewall rules in M0n0 only filter traffic ENTERING a specific interface, like from a client going IN through the router?
You can't set a rule on an interface saying "no one should be able to route traffic to this interface so it reaches that subnet"?

Not that it matters to me, I'd just like to know how it works.

I think in Cisco routers you can write advanced ACLs where you can use both ways, so if you have a router with like 10 interfaces and you know that only one of those subnets is supposed to talk to interface 1, then you can enter ONE rule on interface 1 going the opposite way, instead of entering rules for every single one.

Am I right?
I'm not so used to firewall rules, so I want to know if I understood this right. Thanks a lot :)
« Reply #1 on: July 25, 2008, 00:42:47 »
Uluen **
Posts: 59

m0n0wall filters traffic in AND out on every interface.

It comes with a default rule of LAN -> ANY, if you disable it, nothing goes through.
« Reply #2 on: July 25, 2008, 11:56:24 »
markb ****
Posts: 331

m0n0wall filters traffic in AND out on every interface.

I'm not sure that this is the case. Rules are processed on traffic coming into an interface, looking at the source and destination. You only have to create a rule letting traffic into the LAN interface to Any to pass traffic; there is no corresponding rule allowing traffic out of another interface.
« Reply #3 on: July 26, 2008, 22:14:43 »
cmb *****
Posts: 851

Rules are processed only on an "in" basis on each interface. Adding out rules isn't necessary since you can filter in on every interface.
« Reply #4 on: August 04, 2008, 23:31:51 »
eek *
Posts: 7

Rules are processed only on an "in" basis on each interface. Adding out rules isn't necessary since you can filter in on every interface.


I believe filtering on the outgoing interface would be great as well.

example:

You have three interfaces: WAN, LAN and OPT.

Should you add a rule from the OPT zone, it will automagically be allowed to access both the other zones, WAN as well as LAN, unless you specify earlier a deny rule for the LAN subnet or similar.
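To make the ingress-only evaluation that cmb and eek describe concrete, here is an added toy model of it. This is a constructed example written for this thread, not m0n0wall's code or its generated ruleset; the subnets, addresses and interface names are hypothetical.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed model of the rule semantics discussed above: rules hang off the
# interface a packet ENTERS and are evaluated first-match, top to bottom; the
# interface the packet LEAVES through is never consulted.
Rule = Tuple[str, str, str]  # (action, source network, destination network)

# Hypothetical three-interface box (WAN, LAN, OPT) with constructed subnets.
LAN_NET = "192.168.1.0/24"
OPT_NET = "192.168.2.0/24"
ANY = "0.0.0.0/0"

RULES: Dict[str, List[Rule]] = {
    "lan": [("pass", LAN_NET, ANY)],          # the default "LAN -> any" rule
    "opt": [("block", OPT_NET, LAN_NET),      # deny OPT -> LAN subnet first ...
            ("pass", OPT_NET, ANY)],          # ... then allow OPT -> anything else
    "wan": [],                                # no inbound rules on WAN at all
}


def evaluate(rules: Dict[str, List[Rule]], ingress_if: str, src: str, dst: str) -> str:
    """Action for a packet entering ingress_if; no match means the implicit block."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules.get(ingress_if, []):
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "block"


def ingress_interface(src: str) -> str:
    """Derive the arrival interface from the source address (constructed mapping)."""
    if ipaddress.ip_address(src) in ipaddress.ip_network(LAN_NET):
        return "lan"
    if ipaddress.ip_address(src) in ipaddress.ip_network(OPT_NET):
        return "opt"
    return "wan"


def check_flow(src: str, dst: str, rules: Dict[str, List[Rule]] = RULES) -> str:
    return evaluate(rules, ingress_interface(src), src, dst)


def swapped_opt_rules() -> Dict[str, List[Rule]]:
    """Same rules, but the OPT block placed AFTER the pass-any: order decides."""
    return {**RULES, "opt": list(reversed(RULES["opt"]))}


if __name__ == "__main__":
    for src, dst in [("192.168.2.10", "192.168.1.5"), ("192.168.2.10", "203.0.113.9"),
                     ("192.168.1.5", "192.168.2.10"), ("203.0.113.9", "192.168.1.5")]:
        print(f"{src} -> {dst}: block-first OPT = {check_flow(src, dst)}, "
              f"pass-first OPT = {check_flow(src, dst, swapped_opt_rules())}")
```

Note that LAN -> OPT passes purely because of the LAN "in" rule; nothing on the OPT side is consulted on the way out, which is exactly why the deny for the LAN subnet has to sit on the OPT interface and above the pass-any.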