Hi,

I am trying to figure out the uci-based firewall in kamikaze and have a question about setting up a paranoid firewall.

1) I want to block outgoing packets (except selected ones) from the lan to internet.
2) I want to block different outgoing packets (except selected ones) from the router to the internet.
or
3) block outgoing packets from lan to internet, but not block from router to internet.
or
4) block out from router unless they are outgoing from the lan

Is doing 1+2 possible? What about 3? 4? How do I set them up?

I see that for incoming one can specify a zone or 'Device' as a destination, but there isn't the equivalent outgoing that I can see.

I want to set up my router as a web server (with attached USB drive), but I would want to block everything except sessions that were opened by a port 80 (or maybe port 8080) request (for requests/outgoing originating on the firewall; for things forwarded I'd want different rules).

I know how to do this in shorewall, but not in the uci firewall.

(Last edited by cshore on 4 May 2009, 15:19)
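Added example, not from the original post and not the OpenWrt project's own code: a shell script that writes a uci firewall config (in the layout of the Kamikaze 8.09 default `/etc/config/firewall`) implementing policy 3 plus the web server, and a `/etc/firewall.user` fragment for the router-originated exceptions that policies 1+2 need. It assumes that a zone's `input`/`output`/`forward` options govern the INPUT/OUTPUT/FORWARD chains for that zone's interfaces, that the uci firewall installs its own ESTABLISHED,RELATED accept in all three chains (so replies from the web server are not affected by the output policy), and that uci `config rule` sections attach to the zone's input/forward chains rather than OUTPUT, which is why router-originated exceptions go into `firewall.user`. The `eth0.1` WAN interface name and the scratch paths are placeholders.

```shell
#!/bin/sh
# Added example: paranoid uci firewall for OpenWrt Kamikaze (assumed 8.09 layout).
# LAN -> internet forwarding is blocked by simply not declaring a
# 'config forwarding' section from lan to wan (both zones have forward REJECT).
# The router itself may still originate traffic (wan zone: output ACCEPT),
# which is the poster's policy 3. Inbound TCP/80 from the WAN is accepted for
# the web server; its replies ride on the ESTABLISHED,RELATED match the uci
# firewall is assumed to install in INPUT/OUTPUT/FORWARD.
write_paranoid_firewall() {
    out="$1"   # scratch file while testing; /etc/config/firewall on the router
    cat > "$out" <<'EOF'
config defaults
	option syn_flood	1
	option input		ACCEPT
	option output		ACCEPT
	option forward		REJECT

config zone
	option name		lan
	option input		ACCEPT
	option output		ACCEPT
	option forward		REJECT

config zone
	option name		wan
	option input		REJECT
	option output		ACCEPT
	option forward		REJECT
	option masq		1

config rule
	option src		wan
	option proto		tcp
	option dest_port	80
	option target		ACCEPT
EOF
}

# Policies 1+2: set the wan zone to 'option output REJECT' above, then list the
# router's own permitted outbound connections here. firewall.user is sourced
# by the uci firewall after its own rules; '-I' puts these ahead of the
# per-zone REJECT. WAN="eth0.1" is a placeholder for the real WAN interface.
write_router_output_exceptions() {
    out="$1"   # scratch file while testing; /etc/firewall.user on the router
    cat > "$out" <<'EOF'
WAN="eth0.1"
# DNS and NTP are the usual minimum a router needs to originate itself.
iptables -I OUTPUT -o "$WAN" -p udp --dport 53  -j ACCEPT
iptables -I OUTPUT -o "$WAN" -p udp --dport 123 -j ACCEPT
EOF
}

# Returns 0 when the written firewall config has the properties asked for:
# no lan->wan forwarding section, forward REJECT on the zones, and an
# inbound accept for TCP/80.
check_policy() {
    cfg="$1"
    ! grep -q 'config forwarding' "$cfg" || return 1
    grep -q 'option forward.*REJECT' "$cfg" || return 1
    grep -q 'option dest_port.*80' "$cfg" || return 1
    grep -q 'option target.*ACCEPT' "$cfg" || return 1
}

# Returns 0 when the firewall.user fragment only touches OUTPUT with explicit
# -o interface matches (i.e. it does not accidentally open INPUT or FORWARD).
check_exceptions() {
    f="$1"
    ! grep -q 'iptables.*-I \(INPUT\|FORWARD\)' "$f" || return 1
    grep -q 'iptables -I OUTPUT -o' "$f" || return 1
}
```

Usage on the router: `write_paranoid_firewall /etc/config/firewall`, `write_router_output_exceptions /etc/firewall.user`, then `/etc/init.d/firewall restart`. After a restart, `iptables -L OUTPUT -v` should show the zone REJECT for the WAN interface below the two inserted accepts, and `iptables -L FORWARD -v` should show no lan-to-wan accept at all.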