RE: [m0n0wall] Bloking some internet ip addreses

From:	"Fred Weston" <fred at daytonawan dot com>
To:	"'Bart Smit'" <bit at pipe dot nl>, "'Boris Rudoy'" <boris at rudoy dot com>
Cc:	<m0n0wall at lists dot m0n0 dot ch>
Subject:	RE: [m0n0wall] Bloking some internet ip addreses
Date:	Fri, 19 Dec 2003 09:00:23 -0500

The easiest way to do it without using any firewall rules is to create a
bogus static route to that host, but since you have a firewall rule
table to use, just create a rule denying everything from source * to
dest <ip addr>.

> -----Original Message-----
> From: www-data [mailto:www dash data at levante dot wiggy dot net] On Behalf 
> Of Bart Smit
> Sent: Friday, December 19, 2003 7:01 AM
> To: Boris Rudoy
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] Bloking some internet ip addreses
> 
> 
> Boris Rudoy said:
> 
> > Can I prevent my computers behaind m0m0wall from connect to 
> few inet 
> > IP addreses?
> 
> Of course you can. That is the whole point of a firewall, 
> isn't it? Did you even install it and take a look at it 
> before asking such a question? If not, shame on you! ;-)
> 
> --B
> 
> (btw doing this by host file does not make IP addresses 
> unreachable; it merely messes with name resolution)
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
>