[ previous ] [ next ] [ threads ]
 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] trafficshaper and some questions
 Date:  Fri, 11 Feb 2005 09:43:04 -0500
Mathias Burén wrote:
> Hi, I'm tempted by this m0n0wall software. I have a few questions
> though: 
> Can m0n0wall block an IP completely? I mean, block someone from the
> LAN from accessing the internet.
> Can m0n0wall limit upload and/or download traffic per-ip-adress or
> mac-adress? Per ip/port even?

Sure, you can block an IP completely. 

First, create an Alias for trouble maker IP... (see long tread
recently about confusion on what an Alias is first...)

Next, create a firewall rule on the LAN (I assume LAN) that looks like

Action:  Block
Interface:  LAN
Protocol:  any 
Source Type:  Single host or alias 
Address:  <Insert Alias name>
Source port range  from:  any to:  any
Destination Type:  any
Destination port range  from:  any to:  any
Log:  Log packets that are handled by this rule (if you want to ...)
Description:  Block trouble maker...

This rule needs to be before the default Pass LAN to any rule.

As far as the limiting traffic, this is the function of the Traffic
Shaper - I donít have any positive experience with it. I do know that
per MAC is not supported.

Good Luck.

James W. McKeand