Dave Warren wrote:
>>>> 2. Ban all traffic from a LAN IP address for a certain amount of
>> Can I ask why you want #1? If you do #2 properly, the net result is
>> that no more traffic will be passed and the sessions will eventually
>> time out.
>> Anyways, see http://www.phildev.net/ipf/IPFques.html#26 for the
>> answer to #1.
>> The simplest case for #2:
>> In exec.php, you would do
>> echo "@2 block in quick on LANINTERFACE from x.x.x.x/32 to any" | ipf -f -
>> If you have complicated firewall rules, you'll need to figure out
>> where the rule should go and with which group (if any).
> 1. Drop all of the firewall's NAT'ed connections for a certain LAN IP.
> Since m0n0wall's rules are stateful, accomplishing #2 without #1
> wouldn't be a complete solution -- Any already-established connection
> would be allowed to continue.
And since #1 cannot be done with ipf, all this is impossible to do.