[ previous ] [ next ] [ threads ]
 
 From:  "jan gestre" <m0n0wall dot list at gmail dot com>
 To:  "Alain Fauconnet" <alain at ait dot ac dot th>
 Cc:  "MonoWall-General List" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] how do i block a particular client internet access
 Date:  Mon, 10 Apr 2006 15:03:11 +0800
On 4/10/06, Alain Fauconnet <alain at ait dot ac dot th> wrote:
>
> Jan,
>
> On Mon, Apr 10, 2006 at 01:29:38PM +0800, jan gestre wrote:
> > On 4/10/06, Alain Fauconnet <alain at ait dot ac dot th> wrote:
> > >
> > > Chris,
> > >
> > > On Mon, Apr 10, 2006 at 12:35:51AM -0400, Chris Buechler wrote:
> > > > On 4/9/06, Alain Fauconnet <alain at ait dot ac dot th> wrote:
> > > > >
> > > > > Since I have the same need here I have read this page and I was
> > > > > suprised not seeing any solution based on custom ipfw rules.
> > > > >
> > > >
> > > > IPfilter does the firewalling in m0n0wall, not ipfw.  ipfw is only
> for
> > > > traffic shaper and captive portal.  Using it for filtering can have
> > > > unintended consequences, but since you're just doing a deny, that
> > > > shouldn't be a problem.
> > >
> > > Thanks for the info. Actually I had overlooked the fact that Jan does
> > > *not* use the captive portal at all, as he wrote. Will such rules be
> > > even considered in this case or not?
> > >
> > > most of my users are old and stupid
>
> Hey! are we working at the same place or what? ;-)


hahaha, maybe we are (",)

> and i don't want to be bothered by so
> > many questions like why do i have to do that...blah blah blah, i am
> already
> > hampered with the day to day desktop support so why add another
> > burden?
>
> Don't misunderstand what I wrote. I'm not questioning why you want to
> do this and why you'd do it one way or another. What I wrote is that
> these custom ifpw rules worked for me, but I have the captive portal
> turned on and since they are added to the rule set that is used by the
> captive portal, I'm not sure they will work on a M0n0wall with captive
> portal not turned on.


i did not misunderstood you,  i was just making fun :D

Why don't you give them a try?


i want to, probably when we purchased a new wireless AP, dunno when and
there is no howto in the handbook and i'm afraid to tinker with a working
system.

> hehehe. since im no guru, i  just want a simple and immediate solution.
> > i also want to trace this specific user whose mac address and dhcp lease
> on
> > the monowall seems strange.
> >      MAC                                         Start
> > End
> > 00:ab:00:00:00:00                  2006/04/10 10:31:35
> 1970/01/01
> > 07:59:59
>
> No clue here. I don't use the built-in DHCP server, just the
> forwarder.
>
> Is this the real MAC address that shows or have you sanitized it?
> looks to me like a faked MAC... if you users play that kind of games,
> we sure are working at the same place :-)


yes, they are real, its weird specially the end of lease part, 1970? wtf?
haha

Greets,
> _Alain_
>