On 10/30/05, dny <[EMAIL PROTECTED]> wrote:
> hi.
>
> i want to setup wifi interface to allow user to use only the internet.
> i like to setup a firewall rule like this:
>
> pass, if: wifi, source: wifi subnet, dest: wan, dest port: 1-10000
>
> q1: why no wan option in destination?

WAN would be the WAN subnet, not 0.0.0.0/0. At any rate, that's been something I've been meaning to do for other reasons.

> q2: what's good/bad limiting destination port like that?

I'd only allow the ports you _want_ the user to get to. Also, if it's worms you're worried about, I'd be more worried about ports 21, 25, 69, 80 than anything above 10000.

--Bill
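
An added example, not part of the original thread: a small model of the rule set that compares a destination of "WAN subnet" with a destination of any, and a 1-10000 port range with an explicit port allow-list. The subnets, addresses, the LAN block rule, the allow-listed ports and first-match evaluation are all assumptions made for the illustration.

```python
import ipaddress

# Constructed addressing for illustration (assumptions, not from the thread).
WIFI = ipaddress.ip_network("192.168.50.0/24")
LAN = ipaddress.ip_network("192.168.1.0/24")
WAN_SUBNET = ipaddress.ip_network("203.0.113.0/29")  # only the ISP-facing segment
ANY = ipaddress.ip_network("0.0.0.0/0")

def ports(*items):
    """Expand single ports and (low, high) ranges into a set."""
    out = set()
    for item in items:
        lo, hi = item if isinstance(item, tuple) else (item, item)
        out.update(range(lo, hi + 1))
    return out

ALL_PORTS = ports((1, 65535))

def evaluate(rules, src, dst, dport):
    """First matching rule wins; no match means block (default deny).
    Protocol (TCP/UDP) is ignored to keep the model small."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net, dports in rules:
        if src in src_net and dst in dst_net and dport in dports:
            return action
    return "block"

# Rule as proposed: destination is the WAN subnet, ports 1-10000.
DEST_WAN_SUBNET = [("pass", WIFI, WAN_SUBNET, ports((1, 10000)))]
# Destination any with the same port range; LAN is blocked first so
# "any" does not also open the internal network.
DEST_ANY_RANGE = [("block", WIFI, LAN, ALL_PORTS),
                  ("pass", WIFI, ANY, ports((1, 10000)))]
# Destination any, but only an explicit list of wanted ports (hypothetical choice).
DEST_ANY_ALLOWLIST = [("block", WIFI, LAN, ALL_PORTS),
                      ("pass", WIFI, ANY, ports(53, 80, 443))]

if __name__ == "__main__":
    client, internet_host = "192.168.50.10", "198.51.100.7"  # constructed
    for name, rules in [("dest=WAN subnet", DEST_WAN_SUBNET),
                        ("dest=any 1-10000", DEST_ANY_RANGE),
                        ("dest=any allow-list", DEST_ANY_ALLOWLIST)]:
        verdicts = {p: evaluate(rules, client, internet_host, p)
                    for p in (21, 25, 69, 80, 443)}
        print(name, verdicts)
```

With the WAN subnet as destination, traffic to an Internet host never matches the pass rule; with destination any and the 1-10000 range, ports 21, 25, 69 and 80 all pass.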