Ah... that makes sense... thank you!

Todd Worden
Web-Wired, LLC
434.906.0420
[EMAIL PROTECTED]
www.web-wired.com

-----Original Message-----
From: Adrian F. Dimcev [mailto:[EMAIL PROTECTED]
Sent: Sunday, December 23, 2007 8:01 AM
To: Todd Worden
Cc: vyatta-users@mailman.vyatta.com
Subject: RE: [Vyatta-users] Firewall implicit deny all

Hi Todd,

If you define a firewall instance "wan2lan" as "OUT" on eth0 then the implicit deny you've mentioned only applies to eth0 and only to packets exiting interface eth0 that are not matched by any of your firewall rules from that instance.

Per interface you can define three firewall instances: "IN", "OUT" and "LOCAL". So packets entering ("IN" instance) or destined to Vyatta itself ("LOCAL") are not bothered by your "OUT" firewall instance "wan2lan" on eth0.

For eth1 you need to set another firewall instance as "OUT" or "IN" or whatever you need.

Adrian
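
The scoping described in the thread, as an added example that is not part of the original messages and is not Vyatta code. It is a simplified model: the hook order (forwarded packets consult "in" on the ingress interface and "out" on the egress interface, router-bound packets consult only "local"), the packet fields and the port-443 rule are assumptions made for illustration.

```python
# Simplified model (assumption, not Vyatta source) of per-interface,
# per-direction firewall instances and their implicit deny.
from dataclasses import dataclass, field


@dataclass
class Instance:
    """A named rule set; a packet matching no rule hits the implicit deny."""
    name: str
    rules: list = field(default_factory=list)  # (predicate, action) pairs

    def decide(self, pkt):
        for predicate, action in self.rules:
            if predicate(pkt):
                return action
        return "drop"  # implicit deny closes every instance


# Constructed sample: "wan2lan" is bound only as "out" on eth0, as in the thread.
wan2lan = Instance("wan2lan", [(lambda p: p["dport"] == 443, "accept")])
BINDINGS = {("eth0", "out"): wan2lan}


def evaluate(pkt, bindings=BINDINGS):
    """Return (verdict, names of instances consulted) for one packet.

    pkt keys: in_if, out_if (None when addressed to the router), dport.
    """
    if pkt["out_if"] is None:
        hooks = [(pkt["in_if"], "local")]
    else:
        hooks = [(pkt["in_if"], "in"), (pkt["out_if"], "out")]
    consulted = []
    for hook in hooks:
        inst = bindings.get(hook)
        if inst is None:
            continue  # nothing bound to this hook, so nothing filters here
        consulted.append(inst.name)
        if inst.decide(pkt) != "accept":
            return "drop", consulted
    return "accept", consulted


if __name__ == "__main__":
    for pkt in (
        {"in_if": "eth1", "out_if": "eth0", "dport": 443},  # matched rule
        {"in_if": "eth1", "out_if": "eth0", "dport": 23},   # implicit deny
        {"in_if": "eth0", "out_if": "eth1", "dport": 23},   # enters eth0
        {"in_if": "eth0", "out_if": None, "dport": 22},     # to the router
    ):
        print(pkt, "->", evaluate(pkt))
```

Only the two packets leaving eth0 ever reach "wan2lan"; filtering traffic that enters eth0, targets the router, or leaves eth1 requires additional entries in BINDINGS.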