Hi all
I'm new to m0n0wall and I'm beginning to like it. Nevertheless I have one very basic thing I don't understand:
Let's assume I want to implement the simple policy "pass HTTP traffic from any host in the LAN to any host in the WAN (internet), but to no other interfaces (like DMZ or VPN)". How can I achieve this?
It seems that the m0n0wall destination option "WAN Address" only matches the WAN subnet, but I want to match packets for the world wide internet... I'm missing a destination like "WAN Interface".
I've done such rules many times with iptables and I think with pf it would look something like this (with fxp0=LAN and fxp1=WAN):
    pass in on fxp0 proto tcp from any to fxp1 port www
Is my netfilter-affected thinking wrong? Is it simply not possible with m0n0wall, or how do you implement this policy with m0n0wall?
Regards,
hupf