Tim Vaughan wrote:
>> is there a way (and if not, can I make a feature request? :)) to
>> blacklist hosts and networks? I just want to clean up some of my
>> logs, and I remember that I used to have an array on my old
>> homegrown linux firewall which I just appended once in a while with
>> some obcure .cn and other networks that I know would never access my
>> web server or anything else legitimately.
> Presumably, providing a simple way to edit /etc/hosts directly would
> be sufficient? I'd like to be able to paste a big list of ad/spyware
> etc. servers into it.
If you are talking about FQDNs you can use the DNS forwarder's overrides
to forward the FQDN in question to 127.0.0.1. If you have a large list,
you could use the backup/restore method to mass edit the config.xml.
If you are talking about blocking IPs/subnets I don't have any good
ideas. Creating a list of aliases then crafting the firewall rules to
block traffic to/from these aliases would be a severe burden on your
m0n0wall and maintenance would be time consuming. Your list of rules
could be quite long...
James W. McKeand