On Tue, 2006-02-14 at 11:28 +0900, Joel Rees wrote:
> Reason I ask is that, as I understand it, you can't open a port to the
> LAN while keeping it closed to the world unless you know what ranges
> of addresses are used on the LAN. Not everyone chooses to use
> 192.168.0.nnn for their LANs, you know.

It's doable, in a few ways. Here are two that I can think of off the top of my head:

Ask the user which interfaces are LAN and WAN, then apply the rules to the interface, regardless of what address is used by them.

Automatically examine the machine's own IP and netmask, define a rule based on them.

Apply broad rules for the main LAN IP ranges, hoping they apply. It's a fair bet that the common private IP ranges won't be used over the internet, though some ISPs do that.

-- 
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
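The three approaches in the reply above, worked through as a small simulation. This is an added example, not code from the poster or from any firewall project; the interface names, host address and netmask are constructed values, and the sample packets are constructed too. It computes the LAN subnet from the host's own IP and netmask (second approach), checks sources against the common RFC 1918 ranges (third approach), and binds acceptance to the arrival interface (first approach), then shows where the strategies disagree: a private-range source that arrives on the WAN side passes the broad-range check but not the interface check, which is exactly the gap the reply's closing caveat points at.

```python
import ipaddress

# Constructed sample host configuration (assumed values, not taken from the post).
LAN_IFACE = "eth1"             # interface the user told us faces the LAN
WAN_IFACE = "eth0"             # interface the user told us faces the internet
LAN_IP = "10.23.4.17"          # this machine's own address on the LAN
LAN_NETMASK = "255.255.255.0"  # its netmask on that interface

# The "common private IP ranges" used by the broad-rule strategy (RFC 1918).
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def derive_lan_network(ip, netmask):
    """Strategy 2: compute the LAN subnet from the host's own IP and netmask."""
    return ipaddress.ip_interface(f"{ip}/{netmask}").network


def allow_by_interface(in_iface, src):
    """Strategy 1: accept only packets that arrived on the LAN interface.

    The source address is ignored on purpose; only the interface matters.
    """
    return in_iface == LAN_IFACE


def allow_by_derived_subnet(in_iface, src, network):
    """Strategy 2: accept only sources inside the derived LAN subnet."""
    return ipaddress.ip_address(src) in network


def allow_by_private_ranges(in_iface, src):
    """Strategy 3: accept any source that falls in a common private range."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in PRIVATE_RANGES)


def evaluate(in_iface, src, network=None):
    """Return the accept (True) / drop (False) decision of each strategy for one packet."""
    if network is None:
        network = derive_lan_network(LAN_IP, LAN_NETMASK)
    return {
        "interface": allow_by_interface(in_iface, src),
        "subnet": allow_by_derived_subnet(in_iface, src, network),
        "private": allow_by_private_ranges(in_iface, src),
    }


def iptables_rules(port):
    """Render strategy 1 as iptables rules: bound to interfaces, address-agnostic."""
    return [
        f"iptables -A INPUT -i {LAN_IFACE} -p tcp --dport {port} -j ACCEPT",
        f"iptables -A INPUT -i {WAN_IFACE} -p tcp --dport {port} -j DROP",
    ]


if __name__ == "__main__":
    # Constructed packets: (arrival interface, source address)
    samples = [
        (LAN_IFACE, "10.23.4.50"),    # ordinary LAN host
        (WAN_IFACE, "203.0.113.9"),   # ordinary internet host
        (WAN_IFACE, "192.168.1.5"),   # private-range source arriving on the WAN side
        (LAN_IFACE, "10.23.9.1"),     # LAN side, but outside the directly attached subnet
    ]
    print(f"{'iface':6} {'source':14} interface subnet private")
    for iface, src in samples:
        d = evaluate(iface, src)
        print(f"{iface:6} {src:14} {d['interface']!s:9} {d['subnet']!s:6} {d['private']!s}")
    print("\n".join(iptables_rules(22)))
```

The table the script prints is the point: only the interface-bound strategy needs no knowledge of the LAN's address range, which is why it answers the original question directly; the derived-subnet strategy is tight but rejects a second LAN segment routed in behind the same interface; the broad private-range strategy accepts any private source regardless of where it came from, so it should be paired with an interface match rather than used alone.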