On Mon, 2005-10-31 at 16:38 -0500, Scott Ullrich wrote:
> On 10/31/05, Peter Zaitsev <[EMAIL PROTECTED]> wrote:
> > Scott,
> >
> > I guess we're back to the reason why I set it this way :)
> >
> > The fake IP address results in a lot of rules generated which should
> > apply to LAN but actually do not work because LAN is set to the IP
> > which no one uses. For example LAN lockout rule is created very
> > wrong.
>
> So what's wrong with this? If you're not using the ip, what's the bother?

Well. My LAN is using IP 111.111.111.154/29 - this is the LAN lockout rule I'd like to see generated. If I enter some fake IP there, it breaks, as well as a few other rules associated with LAN. I do not know how important they are and what else you plan to add to them later on.

>
> > I tried with empty LAN address and this one and both of them normally
> > work.
>
> But you're complaining about interface lockout. How can we prevent the
> web gui lockout if you don't enter an ip to protect?

There is IP where... same as WAN. This is the IP I would like to protect. You're saying the same IP for both interfaces is not good even if it is part of the bridge - OK - but there is no other way to have web lockout rules generated.

Also, it is not the lack of web lockout which caused me the problem. I had manual rules to let me in anyway. The problem was the box was not accessible if the firewall is disabled - if pf is disabled, no anti-lockout rules apply.