Jan Normann Nielsen wrote:
> No, I never received any answers to my previous post (quoted below).
> If anyone has anything to say about it, please do. Now two people want
> to know.
>> This is a regular FreeBSD question, therefore probably off-topic for
>> this list, but I'm asking people anyway.
>> Under some conditions, I will need to either:
>> 1. Drop all of the firewall's NAT'ed connections for a certain LAN
>> 2. Ban all traffic from a LAN IP address for a certain amount of
>> Does anyone know if this possible through commands in m0n0wall? I
>> to invoke them from exec.php or exec_raw.php.
Can I ask why you want #1? If you do #2 properly, the net result is that
no more traffic will be passed and the sessions will eventually time out.
Anyways, see http://www.phildev.net/ipf/IPFques.html#26 for the answer
The simplest case for #2:
In exec.php, you would do
    echo "@2 block in quick on LANINTERFACE from x.x.x.x/32 to any" | ipf -f -
If you have complicated firewall rules, you'll need to figure out where
the rule should go and with which group (if any).
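
The following is an added example, not part of the original message: a shell sketch of the timed ban asked about in #2, built around the rule given above. The function names, the DRY_RUN switch and the removal step (ipf -r with the same rule text, without the "@2" position) are assumptions of this example; the address is validated before it reaches the shell because the command is run through exec.php.

```shell
#!/bin/sh
# Added example: timed ban of one LAN host with ipf (not from the original post).
LAN_IF="${LAN_IF:-LANINTERFACE}"   # placeholder from the post; set to the real LAN interface
IPF="${IPF:-ipf}"

# Accept only a dotted-quad IPv4 address, so text passed in through exec.php
# cannot carry shell metacharacters or extra rule keywords.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the block rule from the post for one validated address.
ban_rule() {
    valid_ipv4 "$1" || return 1
    printf 'block in quick on %s from %s/32 to any\n' "$LAN_IF" "$1"
}

# Insert the rule at position 2 (the post's "@2"), then remove it after
# $2 seconds. Assumption: "ipf -r" matches the rule text without "@2".
# DRY_RUN=1 prints the commands instead of running them.
timed_ban() {
    ip=$1; secs=$2
    rule=$(ban_rule "$ip") || { echo "bad address: $ip" >&2; return 1; }
    case "$secs" in
        ''|*[!0-9]*) echo "bad duration: $secs" >&2; return 1 ;;
    esac
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "echo '@2 $rule' | $IPF -f -"
        echo "sleep $secs; echo '$rule' | $IPF -rf -"
        return 0
    fi
    echo "@2 $rule" | "$IPF" -f - || return 1
    # Lift the ban in the background so the exec.php request can return.
    ( sleep "$secs"; echo "$rule" | "$IPF" -rf - ) >/dev/null 2>&1 &
}
```

Running it with DRY_RUN=1 first shows the exact ipf commands without touching the live ruleset.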