Graham Dunn wrote:
> Z
>
>>> 1. Drop all of the firewall's NAT'ed connections for a certain LAN IP.
>>> 2. Ban all traffic from a LAN IP address for a certain amount of time.
>>>
>
> Can I ask why you want #1? If you do #2 properly, the net result is that
> no more traffic will be passed and the sessions will eventually time out.
>
> Anyways, see http://www.phildev.net/ipf/IPFques.html#26 for the answer
> to #1.
>
> The simplest case for #2:
>
> In exec.php, you would do
>
> echo "@2 block in quick on LANINTERFACE from x.x.x.x/32 to any" | ipf -f -
>
> If you have complicated firewall rules, you'll need to figure out where
> the rule should go and with which group (if any).

Since m0n0wall's rules are stateful, accomplishing #2 without #1 wouldn't be
a complete solution -- any already-established connection would be allowed
to continue.

-- 
If I were still loyal to the Goa'uld, you would know it. It would be
immediately apparent as I would not hesitate to kill you where you sit.
-- Teal'c
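As an added example (not from this thread or from m0n0wall itself), a POSIX shell sketch of the time-limited ban in #2 built around Graham's ipf rule: it validates the address before interpolating it into the rule (an exec.php call fed an unchecked form value would otherwise pass arbitrary tokens to ipf), applies the rule with `ipf -f -`, and removes the same rule after the timeout. It assumes `ipf -r` removes a matching rule and keeps the `@2` position and interface name from the example above; dropping already-established state (#1) is left to the FAQ entry linked in the quote.

```shell
#!/bin/sh
# Added example: temporary ipf block for one LAN host (item #2 in the thread).
# Assumptions: ipf(8) is on PATH, "ipf -r -f -" removes a matching rule,
# rule position "@2" and the interface name follow Graham's example.

valid_ipv4() {
    # Accept only four dotted octets in 0-255. Anything else (spaces,
    # semicolons, extra words) is rejected before it can reach the rule text.
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

ban_rule() {
    # $1 = LAN IP, $2 = LAN interface. Prints the rule line fed to ipf -f -.
    printf '@2 block in quick on %s from %s/32 to any\n' "$2" "$1"
}

ban_host() {
    # $1 = LAN IP, $2 = LAN interface, $3 = ban duration in seconds.
    # Applies the block rule now and schedules its removal in the background.
    ip=$1; iface=$2; secs=$3
    valid_ipv4 "$ip" || { echo "refusing to ban invalid address: $ip" >&2; return 1; }
    ban_rule "$ip" "$iface" | ipf -f - || return 1
    ( sleep "$secs"; ban_rule "$ip" "$iface" | ipf -r -f - ) &
    return 0
}

# Usage: sh ban.sh <lan-ip> <lan-interface> <seconds>
if [ $# -eq 3 ]; then
    ban_host "$1" "$2" "$3"
fi
```

Existing sessions from the banned host keep flowing until their state entries expire, which is exactly the gap the reply above points out; removing that state needs the separate step from the FAQ.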