 From:  "James W. McKeand" <james at mckeand dot biz>
 To:  "'Monowall \(E-mail\)'" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Blocking acccess to internet sites from only 1 ip address
 Date:  Mon, 13 Jun 2005 15:01:50 -0400
Zadikem, Travis-taz wrote:
> Hello all,
>   Can someone please tell me the rule for blocking internet access
> from only 1 IP address to the WAN? 
> 
> Thanks,
> Travis

Assuming you want to lock an IP down completely - Try this:

Action:  Block
Interface:  LAN
Protocol:  any
Source:  Single host or alias
Address:  <insert IP here>
Source port range  from:  any
                     to:  any
Destination:  any
Destination port range  from:  any
                          to:  any
Log: (you may want to log where this IP is going)
Description:  (as always give it a good descriptive name)

This rule needs to be listed before the default LAN -> any rule.
(First matched rule wins the race...)

If you wish to allow certain services to work (email), you could have
"Pass" rules before the block rule. It will take multiple rules to
allow traffic to specific ports/services (HTTP, HTTPS, POP3, SMTP,
FTP...)

For Example: 
PASS to POP3 (110) from <IP>
PASS to SMTP (25) from <IP>
BLOCK any from <IP>
PASS any from LAN Subnet

_________________________________
James W. McKeand
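The "first matched rule wins" ordering in the reply above is the whole point, and it is easy to get wrong in a GUI where rules are dragged around. The following is an added example, not part of the list post and not m0n0wall code: a small first-match evaluator in Python that encodes the four-rule layout from the post (PASS POP3, PASS SMTP, BLOCK any, PASS LAN subnet) and then shows what happens when the BLOCK rule is moved ahead of the PASS rules, or behind the default LAN rule. The LAN subnet 192.168.1.0/24 and the restricted host 192.168.1.50 are constructed values chosen for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed LAN subnet for the example (constructed, not from the post).
LAN_SUBNET = ipaddress.ip_network("192.168.1.0/24")
# The one host we want to lock down (constructed example address).
RESTRICTED = "192.168.1.50"


@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    src: str                         # a single host, "lan" (LAN subnet) or "any"
    proto: str = "any"               # "tcp", "udp" or "any"
    dst_port: Optional[int] = None   # None means any destination port
    description: str = ""

    def matches(self, src_ip: str, proto: str, dst_port: int) -> bool:
        """Return True if this rule applies to the given packet summary."""
        ip = ipaddress.ip_address(src_ip)
        if self.src == "lan":
            if ip not in LAN_SUBNET:
                return False
        elif self.src != "any" and ip != ipaddress.ip_address(self.src):
            return False
        if self.proto != "any" and self.proto != proto:
            return False
        if self.dst_port is not None and self.dst_port != dst_port:
            return False
        return True


def evaluate(rules: List[Rule], src_ip: str, proto: str, dst_port: int) -> Tuple[str, str]:
    """First-match evaluation: the first rule that matches decides.

    If nothing matches we return an implicit block, which is what a
    firewall does when the rule list is exhausted without a match.
    """
    for rule in rules:
        if rule.matches(src_ip, proto, dst_port):
            return rule.action, rule.description
    return "block", "implicit default deny (no rule matched)"


def shadowed_rules(rules: List[Rule], probes) -> List[str]:
    """Report rules that never win for any of the probe packets.

    Useful as a sanity check after reordering: a rule that is never the
    first match for the traffic it was written for is probably placed
    below a broader rule that swallows that traffic.
    """
    winners = {evaluate(rules, *p)[1] for p in probes}
    return [r.description for r in rules if r.description not in winners]


# The ordering recommended in the post: specific passes, then the
# per-host block, then the default LAN -> any rule last.
CORRECT = [
    Rule("pass", RESTRICTED, "tcp", 110, "PASS POP3 from restricted host"),
    Rule("pass", RESTRICTED, "tcp", 25, "PASS SMTP from restricted host"),
    Rule("block", RESTRICTED, "any", None, "BLOCK any from restricted host"),
    Rule("pass", "lan", "any", None, "Default LAN -> any"),
]

# Mistake 1: the block rule dragged above the pass rules. It now wins
# for POP3 and SMTP too, so the host loses mail as well as web.
BLOCK_FIRST = [CORRECT[2], CORRECT[0], CORRECT[1], CORRECT[3]]

# Mistake 2: the block rule left below the default LAN -> any rule.
# The default rule matches first, so the block never fires at all.
BLOCK_AFTER_DEFAULT = [CORRECT[0], CORRECT[1], CORRECT[3], CORRECT[2]]

# Constructed probe packets: (source IP, protocol, destination port).
PROBES = [
    (RESTRICTED, "tcp", 110),      # restricted host fetching mail
    (RESTRICTED, "tcp", 25),       # restricted host sending mail
    (RESTRICTED, "tcp", 80),       # restricted host browsing the web
    ("192.168.1.51", "tcp", 80),   # any other LAN host browsing
]

if __name__ == "__main__":
    for name, ruleset in [("correct", CORRECT), ("block first", BLOCK_FIRST),
                          ("block after default", BLOCK_AFTER_DEFAULT)]:
        print(f"--- {name} ---")
        for probe in PROBES:
            action, why = evaluate(ruleset, *probe)
            print(f"{probe[0]} {probe[1]}/{probe[2]}: {action:5} ({why})")
        print("never wins:", shadowed_rules(ruleset, PROBES))
```

Running it shows the correct ordering letting 192.168.1.50 reach ports 25 and 110 but nothing else, the block-first ordering cutting the host off entirely, and the block-after-default ordering letting it do anything; the `shadowed_rules` check flags the rules that never win in each case, which is the check worth doing in the real ruleset after any reorder.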