Graham Dunn wrote:
>>> 1. Drop all of the firewall's NAT'ed connections for a certain LAN IP.
>>> 2. Ban all traffic from a LAN IP address for a certain amount of time.
>Can I ask why you want #1? If you do #2 properly, the net result is that
>no more traffic will be passed and the sessions will eventually time out.
>Anyways, see http://www.phildev.net/ipf/IPFques.html#26 for the answer.
>The simplest case for #2:
>In exec.php, you would do
>echo "@2 block in quick on LANINTERFACE from x.x.x.x/32 to any" | ipf -f -
>If you have complicated firewall rules, you'll need to figure out where
>the rule should go and with which group (if any).
Since m0n0wall's rules are stateful, accomplishing #2 without #1
wouldn't be a complete solution -- Any already-established connection
would be allowed to continue.
If I were still loyal to the Goa'uld, you would know it.
It would be immediately apparent as I would not hesitate to kill you where you sit.
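
The point made in the reply above about stateful rules, as an added example that is not part of the original thread and is not m0n0wall or IPFilter code: a simplified model of a stateful filter in which the state table is consulted before the rule list. The class, method names, addresses and ports are constructed for illustration.

```python
# Simplified model of a stateful packet filter (an assumption for illustration;
# this is not IPFilter's implementation). Packets matching an existing state
# entry are passed before the rule list is consulted.

class StatefulFilter:
    def __init__(self):
        self.blocked = set()   # source IPs with a "block in quick" rule
        self.states = set()    # established flows: (src, sport, dst, dport)

    def packet_in(self, src, sport, dst, dport):
        """Return True if the packet is passed, False if it is blocked."""
        flow = (src, sport, dst, dport)
        if flow in self.states:      # state table is checked first
            return True
        if src in self.blocked:      # then the rules, first match wins
            return False
        self.states.add(flow)        # default "pass ... keep state"
        return True

    def ban(self, src):
        """Item 2 from the thread: add a block rule for one LAN IP."""
        self.blocked.add(src)

    def drop_states(self, src):
        """Item 1 from the thread: remove that IP's existing state entries."""
        stale = {f for f in self.states if f[0] == src}
        self.states -= stale
        return len(stale)


def demo():
    fw = StatefulFilter()
    host = "192.168.1.50"                      # constructed LAN address
    old = (host, 40000, "203.0.113.10", 80)    # constructed flow
    new = (host, 40001, "203.0.113.10", 80)    # constructed flow
    results = {}
    results["before_ban"] = fw.packet_in(*old)        # creates a state entry
    fw.ban(host)
    results["old_after_ban"] = fw.packet_in(*old)     # still passes via state
    results["new_after_ban"] = fw.packet_in(*new)     # blocked by the rule
    results["states_dropped"] = fw.drop_states(host)
    results["old_after_drop"] = fw.packet_in(*old)    # now blocked as well
    return results


if __name__ == "__main__":
    print(demo())
```
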