Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN Reviews

Advanced Configuration - Firewall Rules, Continued

A very important factor we haven't considered yet is the order of the rules. To illustrate this, consider a rule on the WAN interface to allow FTP traffic on port 21 to my internal server. If I added this rule after the rule blocking all traffic, packets would match the "block all" rule first and would therefore always be blocked. For the FTP rule to be executed, it must be placed above (i.e. before) the rule blocking all traffic.

Note that I have put the rules for blocking all packets in just for clarity and as good practice for debugging purposes.The firewall would block unmatched packets anyway by default. Note also that it is easy to change the order of rules by using the up and down arrows next to each rule. When you are happy with any changes, just click the Apply Changes button to save them.

Firewall Rule Edit Page

Figure 7: Firewall Rule Edit Page
(click on the image for a larger view)

The screen for editing rules is also quite clear and straight forward. Figure 7 shows the rule for allowing MS Terminal Server traffic entering on the WAN interface to an internal server. You will notice that the source and destination specify the address as JPNET1 and POWERDGE respectively, rather than an IP address or network such as This is another feature of m0n0wall called aliases. Aliases are a convenient way of giving an IP address or subnet a more identifiable name that can be used in place of the IP address or subnet in rules and other areas of m0n0wall. 

In addition to providing a more readable reference to an IP address, the alias feature eliminates the need to update firewall rules in the event that IP addresses change. For example, if your ISP updated your WAN IP address, you would only need to enter your new IP address in the alias entry. All firewall rules that referenced the alias would then reflect the change of address automatically.

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

For reasons not important here, I have both Xfinity and FiOS connetions active at my house. (The FiOS will be the only permanent one, Xfinity goes awa...
Whenever I try to update/upgrade opkg I'm getting the following response:Code: admin@RT-AC68U-08B0:/usr/lib# opkg updateDownloading http://bin.entwar...
My post relates to an issue with ASUS AiMesh and 2.4GHz clients.I have configured a Blue Cave as the AiMesh router and 2x RT-AC68U's as AiMesh nodes. ...
Several times per day my AC-58U refuses to work on the 5GHz band.Looking at the system log I can see the following repeating 50-100 times:Jul 14 12:59...
Hi,Got the mesh system setup and tweaked the settings and wanted to test the masternode connection speed.I tried to ssh but there's no iPerf on neithe...

Don't Miss These

  • 1
  • 2
  • 3