[ previous ] [ next ] [ threads ]
 From:  "Tech Terapies" <tech at terapies dot org>
 To:  "'dasz'" <daszylstra at comcast dot net>, "'Phil Greenway'" <m0n0wall at wenck dot com dot au>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Blocking IP Addresses
 Date:  Fri, 2 Jun 2006 11:51:47 +0200
Block at top of the wan rule

Tech Services Terapies.org
Jan Arbona

-----Original Message-----
From: dasz [mailto:daszylstra at comcast dot net]
Sent: Friday, June 02, 2006 5:50 AM
To: Phil Greenway; m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Blocking IP Addresses

---- Original Message -----
Sent: Thursday, June 01, 2006 9:26 PM
Subject: [m0n0wall] Blocking IP Addresses


I've got the IP addresses of some audio streaming sites I'd like to block,
however, I've tried a number of different things with the m0n0wall Rules,
but I still can't block this traffic.

The handbook says it's possible, just doesn't say how.

Can someone please spell it out in plain english or screenshots ?


Phil Greenway

Systems Administrator


I'm not sure if this is it, but  the rules are processed from the top of the

list down (i.e. if the first rule allows an IP address outbound access that
will trump a block rule that is lower in the list):
log in to management interface
On left side click "Rules" (under Firewall)
Click on the "LAN" tab
Add a rule by clicking on the + to the lower right of the rule list
    Action = Block
    Source port range=any
    Destination=IP address or subnet of what you want to block
    Destination port range=any
    Description=descriptive test to help you remember what this rule is for
After the rule is added click the check box to the left of it then click the

left arrow button next to the very top rule to move the new rule to the top.

Maybe experiment with a known website IP first to prove it is working in
case the audio streaming has multiple servers - once you prove you can block

a website it will be easy to do the rest . . . . . . then once you prove
those get blocked you can start drilling the rule down to specific ports in
case you still need access to those IPs for other traffic . . . . .

-David Z

To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch