[ previous ] [ next ] [ threads ]
 From:  Graham Dunn <gdunn at inscriber dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Dropping NAT'ed connections or banning traffic through m0n0wall
 Date:  Tue, 26 Oct 2004 15:45:51 -0400
Jan Normann Nielsen wrote:

> No, I never received any answers to my previous post (quoted below). 
> If anyone has anything to say about it, please do. Now two people want 
> to know.
>>     This is a regular FreeBSD question, therefore probably off-topic for
>>     this list, but I'm asking people anyway.
>>     Under some conditions, I will need to either:
>>     1. Drop all of the firewall's NAT'ed connections for a certan LAN 
>> IP.
>>     2. Ban all traffic from a LAN IP address for a certain amount of 
>> time.
>>     Does anyone know if this possible through commands in m0n0wall? I
>>     need
>>     to invoke them from exec.php or exec_raw.php.
Can I ask why you want #1? If you do #2 properly, the net result is that 
no more traffic will be passed and the sessions will eventually time out.

Anyways, see http://www.phildev.net/ipf/IPFques.html#26 for the answer 
to #1.

The simplest case for #2:

In exec.php, you would do

echo "@2 block in quick on LANINTERFACE from x.x.x.x/32 to any" | ipf -f -

If you have complicated firewall rules, you'll need to figure out where 
the rule should go and with which group (if any).