On 10/31/05, Peter Zaitsev <[EMAIL PROTECTED]> wrote:
> > So what's wrong with this? If you're not using the ip, what's the bother?
>
> Well. My Lan is using IP 111.111.111.154/29 - this is the lan lockout
> rule I'd like to see generated. If I enter there some fake IP it
> breaks as well as few other rules associated with LAN. I do not know
> how they are important and what else do you plan to add to them later
> on.

It shouldn't break a thing by entering an ip. Please describe what you mean by breaking.

> There is IP where... same as WAN. This is IP I would like to protect.
> You're saying same IP for both interfaces is not good even if it is part
> of the bridge - OK - but there is no other way to have web lockout
> rules generated.

You're going about this all wrong. If you have an ip you want to protect then the machine should be behind the bridge with the public ip. Not on pfsense! Enter in a fake ip on the LAN interface (something like 192.168.1.1). The bridge will automatically forward traffic through it.

> Also it is not lack of web lockout which caused me the problem.
> I had manual rules to let me in anyway.
>
> The problem was the box was not accessible if firewall is disabled - if
> pf is disabled no anti lockout rules apply.

Yes, having the same IP on two interfaces will confuse the holy hell out of FreeBSD. I guess we need to have more logic in the webGUI to keep people from doing this.

Scott
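
A sketch of the kind of pre-save check the message above says the webGUI needs, as an added example that is not part of the thread and not pfSense code. The function name and the dict layout of the interface settings are assumptions; the check also flags overlapping subnets, which goes beyond the duplicate-address case discussed in the thread.

```python
import ipaddress
from itertools import combinations

def find_address_conflicts(interfaces):
    """Return (kind, if_a, if_b, detail) tuples for conflicting interfaces.

    interfaces: hypothetical mapping of interface name -> "addr/prefix",
    or None for an interface that carries no address.
    """
    parsed = {
        name: ipaddress.ip_interface(cidr)
        for name, cidr in interfaces.items()
        if cidr
    }
    conflicts = []
    # Compare every pair once, in name order so the result is stable.
    for (a, ia), (b, ib) in combinations(sorted(parsed.items()), 2):
        if ia.version != ib.version:
            continue  # IPv4 and IPv6 addresses cannot collide
        if ia.ip == ib.ip:
            # The case from the thread: same address on two interfaces.
            conflicts.append(("duplicate-address", a, b, str(ia.ip)))
        elif ia.network.overlaps(ib.network):
            # Different hosts, same or nested subnet: ambiguous routing.
            conflicts.append(
                ("overlapping-subnet", a, b, f"{ia.network} / {ib.network}")
            )
    return conflicts

# Constructed inputs based on the addresses quoted in the thread.
AS_REPORTED = {"wan": "111.111.111.154/29", "lan": "111.111.111.154/29"}
AS_ADVISED = {"wan": "111.111.111.154/29", "lan": "192.168.1.1/24"}

if __name__ == "__main__":
    for label, cfg in (("reported", AS_REPORTED), ("advised", AS_ADVISED)):
        problems = find_address_conflicts(cfg)
        print(label, "->", problems if problems else "no conflicts")
```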
