-
Because these rules result in forwarding rules, forwarding from main.LAN to world.INET. What you need is rules like:
accept any from main.LAN to firewall(any)
The "firewall" object is a special object that makes sure "input" rules are created. The firewall(any) makes sure that you can connect to a firewall box on an interface/ipaddress that is not in the main.LAN network.
2009-11-07 22:44:56 UTC in Vuurmuur
-
vicjul78 committed revision 282 to the Vuurmuur SVN repository, changing 1 files.
2009-11-04 09:12:21 UTC in Vuurmuur
-
vicjul78 added daenney to the Vuurmuur project.
2009-11-02 21:57:01 UTC in Vuurmuur
-
vicjul78 made 1 file-release changes.
2009-11-01 18:38:08 UTC in snort_inline
-
One thing that may help you is inspecting the output of "vuurmuur -b". It prints a bash script to stdout so you can have a look at all the rules Vuurmuur creates. Hop into #vuurmuur on freenode if you require further assistance!
Cheers,
Victor.
2009-11-01 15:27:58 UTC in Vuurmuur
-
vicjul78 made 2 file-release changes.
2009-11-01 09:38:02 UTC in Vuurmuur
-
vicjul78 made 1 file-release changes.
2009-11-01 09:36:01 UTC in Vuurmuur
-
Vuurmuur depends on conntrack for allowing reply traffic. The traffic that you're trying to match above will be marked ESTABLISHED by conntrack and thus be accepted by the ruleset Vuurmuur generated.
So I'm pretty sure you won't need rules like you pasted above when using Vuurmuur. Unless you have some super funky setup of course :)
2009-11-01 09:23:46 UTC in Vuurmuur
-
vicjul78 added fredl to the Vuurmuur project.
2009-11-01 09:14:26 UTC in Vuurmuur
-
vicjul78 committed revision 268 to the Vuurmuur SVN repository, changing 1 files.
2009-10-25 14:45:17 UTC in Vuurmuur
