[ previous ] [ next ] [ threads ]
 
 From:  "dasz" <daszylstra at comcast dot net>
 To:  "Phil Greenway" <m0n0wall at wenck dot com dot au>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] Blocking IP Addresses
 Date:  Thu, 1 Jun 2006 23:50:14 -0400
---- Original Message ----- 
Sent: Thursday, June 01, 2006 9:26 PM
Subject: [m0n0wall] Blocking IP Addresses


Hi,

I've got the IP addresses of some audio streaming sites I'd like to block, 
however, I've tried a number of different things with the m0n0wall Rules, 
but I still can't block this traffic.

The handbook says it's possible, just doesn't say how.

Can someone please spell it out in plain english or screenshots ?

Regards,

Phil Greenway

Systems Administrator

-------------------------------------------------------------------------------
Phil,

I'm not sure if this is it, but  the rules are processed from the top of the 
list down (i.e. if the first rule allows an IP address outbound access that 
will trump a block rule that is lower in the list):
log in to management interface
On left side click "Rules" (under Firewall)
Click on the "LAN" tab
Add a rule by clicking on the + to the lower right of the rule list
    Action = Block
    Interface=LAN
    Protocol=Any
    Source=any
    Source port range=any
    Destination=IP address or subnet of what you want to block
    Destination port range=any
    Description=descriptive test to help you remember what this rule is for
After the rule is added click the check box to the left of it then click the 
left arrow button next to the very top rule to move the new rule to the top.

Maybe experiment with a known website IP first to prove it is working in 
case the audio streaming has multiple servers - once you prove you can block 
a website it will be easy to do the rest . . . . . . then once you prove 
those get blocked you can start drilling the rule down to specific ports in 
case you still need access to those IPs for other traffic . . . . .

-David Z