 From:  Steve Johnson <steve at srjnetworks dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Block list of WAN IP addresses?
 Date:  Fri, 12 May 2006 21:59:50 -0600

Thanks to all for sharing your expertise and thanks, Manuel, for
bringing this great idea into reality.

I'd like to be able to define a list of external IP addresses to be
unconditionally blocked from accessing my internal network and DMZ.
Typically these would be IP addresses of bots that hammer endlessly on
the ftp port, or spammers trying every variation of email address
(info@, feedback@, sales@, support@), and so on.

Rather than allowing them through the firewall and then dealing with them
at the server, I'd like to just shut the door on them. Currently I'm
handling this with a separate firewall rule for each IP address to be
blocked. In time this will become unwieldy and will probably impose a
performance penalty.

Postfix has UCE controls that allow list-based restriction for email --
you can set up a /client_access/ list containing IP addresses,
hostnames, domain names, etc., and configure dispositions for each list
entry -- REJECT, BLOCK, etc. Does anyone know of a way to implement a
similar functionality in m0n0wall?

If it's not currently possible, please consider this as a feature request.

Thanks for your responses!