Dave Warren wrote:
>>>> 2. Ban all traffic from a LAN IP address for a certain amount of
>>>> time.
>>>>
>>>
>> Can I ask why you want #1? If you do #2 properly, the net result is
>> that no more traffic will be passed and the sessions will eventually
>> time out.
>>
>> Anyways, see http://www.phildev.net/ipf/IPFques.html#26 for the
>> answer to #1.
>>
>> The simplest case for #2:
>>
>> In exec.php, you would do
>>
>> echo "@2 block in quick on LANINTERFACE from x.x.x.x/32 to any" | ipf -f -
>>
>> If you have complicated firewall rules, you'll need to figure out
>> where the rule should go and with which group (if any).
>
> 1. Drop all of the firewall's NAT'ed connections for a certain LAN IP.
> Since m0n0wall's rules are stateful, accomplishing #2 without #1
> wouldn't be a complete solution -- Any already-established connection
> would be allowed to continue.

And since #1 cannot be done with ipf, all this is impossible to do.

Best regards,
Jan Nielsen