Firstly, thank you for both of your answers.
After some research (or just mind fucking) and with your answers, I succeeded and came to this conclusion :
- When the documentation says
"Choose on which interface packets must come in to match this rule", this means that the direction of the traffic is :
SUBNET > INTERFACE
Since the beginning, I thought it was Interface > Subnet, so the pictures shown in the documentation are correct, m0n0wall team you have my apologies.
- So, after some settings, I did the following on my 3 interfaces :
LAN :
http://i.imgur.com/lW9s6oc.jpg
WAN :
http://imgur.com/1Qr9lDO
DMZ :
http://imgur.com/ujdGL2b
Basically, the trick is about denying everything from any to any, then start to add some permissions, and particularly, as tuxfux said : use the reverse option of the destination entry (destination BUT LAN Subnet).
Now this is working like a charm, and the documentation was fully correct.
Maybe, they can add some explanations about what
"Choose on which interface packets must come in to match this rule" really means.
And, when I managed to get everything working, I said :
Fuck it, m0n0wall is so powerful.