Topic: HOW CAN I BLOCK ALL THE PORTS EXCEPT WEB NAVIGATION  (Read 2676 times)
« on: June 15, 2007, 21:04:39 »
mazuco *
Posts: 3

I am a new user. A friend of mine showed me how monowall can block all the ports except 80, and he gave me the program, and I installed it, and it's passing all... can someone help me to set up the rules, please...

Thanks very much.
« Reply #1 on: June 16, 2007, 02:28:20 »
cmb *****
Posts: 851

Add a rule on your LAN interface allowing traffic from any source IP and port to any destination port 80. Then delete the default "Allow LAN to all" rule, and apply changes.
« Reply #2 on: July 03, 2007, 22:25:18 »
mazuco *
Posts: 3

Thanks very much, I did it, and it's working.....

But some of the other programs don't work. I know only port 80 is opened; I am getting used to monowall.
« Reply #3 on: July 04, 2007, 10:21:35 »
markb ****
Posts: 331

There are 2 main ports for web use, 80 for http traffic and 443 for https (Secure Websites); both of these will need to be allowed out.  You may also need to open port 21 to allow ftp traffic.  Some sites with audio and video content might use some additional ports for the media files; you may have to allow some of these as well.  I would add a block all rule to the bottom of your rule set, for 2 reasons.  By default, traffic not allowed out is blocked and gets reported to the log; this can result in large amounts of entries in your log files, which can end up making it hard to spot external traffic being blocked if there is a problem.  By adding the block all rule to the LAN interface you can choose to log blocked packets or not. This means that when you are looking to see what ports are being used by an application trying to get out, you can switch logging on while testing and then switch it off when not needed.

hope this helps.

Mark.
« Reply #4 on: July 06, 2007, 22:44:41 »
getafix *
Posts: 23

Won't you also need to open up port 53 for DNS as well?
« Reply #5 on: July 10, 2007, 09:55:44 »
markb ****
Posts: 331

I don't think you will need the DNS if Monowall is acting as a DNS forwarder.
« Reply #6 on: July 10, 2007, 10:10:22 »
bitonw **
Posts: 79

Open up udp lan any -> 123 (ntp) -> wan to support time sync if you have boxes that want to time sync on the internet.
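The rule set the thread converges on (pass tcp/80, pass tcp/443, pass udp/123, then an explicit block-all whose logging can be toggled, as markb describes in Reply #3 and bitonw adds in Reply #6) can be modelled as a first-match filter. The following is an added illustration written for this page, not m0n0wall's own configuration format or code: rule and packet types, the port numbers from the thread, and the sample packets are all constructed here. It shows why the order of rules matters and how the explicit block rule, rather than the implicit default deny, decides whether a blocked packet is logged.

```python
"""First-match model of the LAN egress rule set discussed in the thread.

Constructed example for illustration; this is not m0n0wall's rule syntax.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    action: str                 # "pass" or "block"
    proto: Optional[str]        # "tcp", "udp", or None for any protocol
    dst_port: Optional[int]     # destination port, or None for any port
    log: bool = False           # whether a match is written to the log
    name: str = ""


@dataclass
class Packet:
    proto: str
    dst_port: int


def build_ruleset(log_blocked: bool) -> list:
    """LAN rules in evaluation order: web, NTP, then an explicit block-all.

    log_blocked sets the log flag on the explicit block rule, which is the
    switch markb suggests turning on only while troubleshooting.
    """
    return [
        Rule("pass", "tcp", 80, name="allow http"),
        Rule("pass", "tcp", 443, name="allow https"),
        Rule("pass", "udp", 123, name="allow ntp"),
        Rule("block", None, None, log=log_blocked, name="block all (explicit)"),
    ]


def evaluate(rules: list, pkt: Packet) -> tuple:
    """Return (action, matched rule name, logged) for the first matching rule.

    If no rule matches, the firewall's implicit default applies: block and
    log, which is the noisy behaviour the explicit block rule is meant to
    replace.
    """
    for r in rules:
        if r.proto is not None and r.proto != pkt.proto:
            continue
        if r.dst_port is not None and r.dst_port != pkt.dst_port:
            continue
        return r.action, r.name, r.log
    return "block", "implicit default deny", True


def run(log_blocked: bool) -> list:
    """Evaluate a few constructed LAN-to-WAN packets against the rule set."""
    rules = build_ruleset(log_blocked)
    sample = [
        Packet("tcp", 80),    # web browsing
        Packet("tcp", 443),   # secure web
        Packet("udp", 123),   # time sync
        Packet("tcp", 25),    # not permitted by this policy
        Packet("udp", 53),    # not permitted; markb expects the DNS forwarder to cover it
    ]
    return [(f"{p.proto}/{p.dst_port}",) + evaluate(rules, p) for p in sample]


if __name__ == "__main__":
    for logging_on in (False, True):
        print(f"--- explicit block-all, logging={'on' if logging_on else 'off'} ---")
        for entry in run(logging_on):
            print("%-8s %-5s %-22s logged=%s" % entry)
```

With the explicit block rule in place and its log flag off, blocked packets match it silently; flipping the flag on logs the same packets, and removing the rule entirely makes every unmatched packet fall through to the always-logged implicit deny, which is the log flood Reply #3 warns about.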