Like every other website on the planet, SmallNetBuilder uses cookies. Our cookies track login status, but we only allow admins to log in anyway, so those don't apply to you. Any other cookies you pick up during your visit come from advertisers, which we don't control.
If you continue to use the site, you agree to tolerate our use of cookies. Thank you!

Router Charts

Click for Router Charts

Router Ranker

Click for Router Ranker

NAS Charts

Click for NAS Charts

NAS Ranker

Click for NAS Ranker

More Tools

Click for More Tools

LAN & WAN Reviews

Advanced Configuration - Firewall Rules, Continued

A very important factor we haven't considered yet is the order of the rules. To illustrate this, consider a rule on the WAN interface to allow FTP traffic on port 21 to my internal server. If I added this rule after the rule blocking all traffic, packets would match the "block all" rule first and would therefore always be blocked. For the FTP rule to be executed, it must be placed above (i.e. before) the rule blocking all traffic.

Note that I have put the rules for blocking all packets in just for clarity and as good practice for debugging purposes.The firewall would block unmatched packets anyway by default. Note also that it is easy to change the order of rules by using the up and down arrows next to each rule. When you are happy with any changes, just click the Apply Changes button to save them.

Firewall Rule Edit Page

Figure 7: Firewall Rule Edit Page
(click on the image for a larger view)

The screen for editing rules is also quite clear and straight forward. Figure 7 shows the rule for allowing MS Terminal Server traffic entering on the WAN interface to an internal server. You will notice that the source and destination specify the address as JPNET1 and POWERDGE respectively, rather than an IP address or network such as This is another feature of m0n0wall called aliases. Aliases are a convenient way of giving an IP address or subnet a more identifiable name that can be used in place of the IP address or subnet in rules and other areas of m0n0wall. 

In addition to providing a more readable reference to an IP address, the alias feature eliminates the need to update firewall rules in the event that IP addresses change. For example, if your ISP updated your WAN IP address, you would only need to enter your new IP address in the alias entry. All firewall rules that referenced the alias would then reflect the change of address automatically.

More LAN & WAN

Wi-Fi System Tools
Check out our Wi-Fi System Charts, Ranker and Finder!

Support Us!

If you like what we do and want to thank us, just buy something on Amazon. We'll get a small commission on anything you buy. Thanks!

Over In The Forums

Hey SNB members, I hope you are all well during this time. I have used Asus routers for a long time. My current and backup router have failed - so I d...
v2.5.1 Updated 2020-05-10 Run an NTP server for your network. Graphs available for NTP accuracy on the Addons page of the WebUI.Inspired by kvic's p...
Hi there,This thread is about GNUton's Merlin builds for DSL devices.* A few words about how this project started:Some days back I bought a DSL-AC68U....
Hi all, I have been considering upgrading the home network primarily as it pertains to security. With the implementation of many IoT devices which wil...
I updated my ISP from 200 to 400 Mbps. So I tested the throughput, the ISP Modem is putting out 467 Mbps. I am testing using an ethernet cable directl...

Don't Miss These

  • 1
  • 2
  • 3