You'd want to block the traffic before it traverses your firewall. I don't see why, technically, it couldn't be done, however - just ain't in there yet. Probably not high on the feature list either, I suspect. Same goes for myself - m0n0 and pfsense are quite nice.

Bob Young wrote:
> Hi krt:
>
> Thank you so much for your help:
>
> I didn't know that the firewall blocking rules were inbound only to the interface.
>
> I'm just learning Monowall firewall, and I had someone on a forum tell me that I could apply an outgoing firewall rule on the M0n0wall WAN port (in order to save on the number of rules on my LAN and WISP ports). His idea to save on the number of rules sure sounded good, but it looks like he was wrong.
>
> I understand from you that trying to put an outbound firewall rule on the WAN port won't work. I wonder if other firewalls allow outbound rules to the WAN ports? Probably not.
>
> I thank you for letting me know M0n0wall rules are for inbound to the interface only.
>
> I will do outbound destination blocking to port 1900, by making use of inbound blocking on the LAN and WISP interfaces. I'll also make use of the "*" for my source IP address (in order to simplify the sorting). That sounds like a very good idea.
>
> Port 1900 blocking was just an example. I'm going to also be blocking ports 445, 135-139, 593 and 5000. I understand data flowing to these ports can be detrimental to my network. Is there a list that is frequently updated in order for people to know what ports to block outbound? I figure more bad ports can pop up and people may not know to block them, unless there is a recent accurate list.
>
> Thank you krt for your reply,
>
> Bob Young
>
> P.S. The more I learn about M0n0wall, the more I like it.
>
> -----Original Message-----
> From: krt [mailto:kkrrtt at gmail dot com]
> Sent: Monday, July 31, 2006 1:41 AM
> To: Bob Young
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] LAN/WISP block or WAN block ?
>
> Rules are for inbound to the interface only.
>
> You can simplify the rules that you have by blocking all sources to UDP 1900 on each interface.
>
> Instead of applying this to your WISP interface:
> Block | UDP | WISP net | * | * | 1900 | Block UPnP
>
> Just apply this:
> Block | UDP | * | * | * | 1900 | Block UPnP
>
> The same goes for your LAN interface.
>
> This simplifies the sorting that must go on with the rule before it's processed, and it prevents randomly IP'd machines (say, in martian subnets) from broadcasting stuffs outbound.
>
> You might want to have these rules at the bottom of any local interface, since the policy is to default deny anyways:
>
> WISP Interface:
> Penultimate) Permit | ANY | WISP net | * | * | * | Permit WISP Net Out
> Ultimate) Block and Log | ANY | * | * | * | * | Beware all packets ye who enter here
>
> LAN Interface:
> Penultimate) Permit | ANY | LAN | * | * | * | Permit LAN Out
> Ultimate) Block and Log | ANY | * | * | * | * | Beware all packets ye who enter here
>
> Bob Young wrote:
>> I have a LAN port, a WISP port, and a WAN port on my WRAP 1E-2 board.
>>
>> For the firewall, on each of my LAN and WISP Interfaces I have the following rule (except for the LAN, I have "LAN net", in place of "WISP net"):
>>
>> UDP | WISP net | * | * | 1900 | Block UPnP
>>
>> Can this rule be put on the WAN interface to stop outgoing UPnP data on port 1900 from the LAN and WISP interfaces, with just one rule?
>>
>> If so, would the following rule be correct for a WAN rule ?
>>
>> UDP | * | * | * | 1900 | Block UPnP
>>
>> Maybe since I'm using "*" for both source and destination, maybe it will work for both incoming and outgoing on both the LAN and WISP interfaces?
>>
>> Thanks much,
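An added example, written for this page and not code from the thread or from m0n0wall, that models the point krt makes: each interface's rule list is consulted only for packets that enter the router on that interface, the first matching rule decides, and anything unmatched is denied. The subnets (192.168.1.0/24 as "LAN net", 192.168.2.0/24 as "WISP net"), the router's WAN address 203.0.113.5, the sample packets and the three rule sets are all constructed for illustration; the model is stateless and ignores NAT, so it only shows which rule a packet hits and why. The three rule sets compare the forum advice Bob was given (a single UDP/1900 block on WAN), krt's per-interface block with source "*", and the same block scoped to the interface's own net.

```python
# Added example (not m0n0wall's own code): a toy model of how per-interface,
# inbound-only firewall rules are evaluated: first match wins, default deny.
# The subnets, hosts and rule tables below are constructed for illustration.
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple, Union

ANY = "*"
# Constructed addressing for "LAN net" and "WISP net".
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
WISP_NET = ipaddress.ip_network("192.168.2.0/24")


@dataclass
class Packet:
    in_iface: str   # interface the packet ENTERS the router on
    proto: str      # "udp" or "tcp"
    src: str
    dst: str
    dport: int


@dataclass
class Rule:
    action: str                               # "pass" or "block"
    proto: str                                # "any", "udp" or "tcp"
    src: Union[str, ipaddress.IPv4Network]    # "*" or a network
    dport: Union[str, int]                    # "*" or a port
    descr: str

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if self.src != ANY and ipaddress.ip_address(pkt.src) not in self.src:
            return False
        if self.dport != ANY and self.dport != pkt.dport:
            return False
        return True


RuleSet = Dict[str, List[Rule]]


def evaluate(rules: RuleSet, pkt: Packet) -> Tuple[str, str]:
    """Only the rule list of the interface the packet arrived on is consulted,
    top to bottom; the first match decides.  No match means default deny."""
    for rule in rules.get(pkt.in_iface, []):
        if rule.matches(pkt):
            return rule.action, rule.descr
    return "block", "default deny"


def local_iface_rules(net: ipaddress.IPv4Network, name: str,
                      upnp_src: Optional[Union[str, ipaddress.IPv4Network]]) -> List[Rule]:
    """Rule list for a local interface, in the order krt suggests.  upnp_src is
    the source column of the UDP/1900 block ("*" or the interface's own net);
    None leaves that rule out entirely."""
    rules = []
    if upnp_src is not None:
        rules.append(Rule("block", "udp", upnp_src, 1900, "Block UPnP"))
    rules.append(Rule("pass", "any", net, ANY, f"Permit {name} Out"))
    rules.append(Rule("block", "any", ANY, ANY, "Beware all packets ye who enter here"))
    return rules


# What the forum advice amounts to: one UDP/1900 block on WAN, nothing on LAN/WISP.
FORUM_ADVICE: RuleSet = {
    "LAN":  local_iface_rules(LAN_NET, "LAN", None),
    "WISP": local_iface_rules(WISP_NET, "WISP Net", None),
    "WAN":  [Rule("block", "udp", ANY, 1900, "Block UPnP")],
}

# What krt suggests: the block on each local interface, with source "*".
PER_INTERFACE: RuleSet = {
    "LAN":  local_iface_rules(LAN_NET, "LAN", ANY),
    "WISP": local_iface_rules(WISP_NET, "WISP Net", ANY),
    "WAN":  [],
}

# Bob's original variant: the block's source narrowed to the interface's own net.
NET_SCOPED: RuleSet = {
    "LAN":  local_iface_rules(LAN_NET, "LAN", LAN_NET),
    "WISP": local_iface_rules(WISP_NET, "WISP Net", WISP_NET),
    "WAN":  [],
}

# Constructed sample packets.
LAN_SSDP = Packet("LAN", "udp", "192.168.1.10", "239.255.255.250", 1900)   # LAN host sending SSDP
LAN_WEB = Packet("LAN", "tcp", "192.168.1.10", "198.51.100.20", 80)        # LAN host, ordinary web
MARTIAN_SSDP = Packet("LAN", "udp", "10.0.0.7", "198.51.100.20", 1900)     # mis-addressed host on LAN
WAN_PROBE = Packet("WAN", "udp", "198.51.100.20", "203.0.113.5", 1900)     # Internet host hitting WAN

if __name__ == "__main__":
    for label, rules in (("forum advice", FORUM_ADVICE), ("per-interface", PER_INTERFACE),
                         ("net-scoped", NET_SCOPED)):
        for pkt in (LAN_SSDP, LAN_WEB, MARTIAN_SSDP, WAN_PROBE):
            print(f"{label:14} in={pkt.in_iface:4} {pkt.src:>15} -> "
                  f"{pkt.dst}:{pkt.dport}/{pkt.proto}: {evaluate(rules, pkt)}")
```

Running it shows the two things the thread settles on: under the forum advice the LAN host's UDP/1900 traffic is passed by "Permit LAN Out", because it entered on LAN and the WAN rule is never consulted for it (the WAN rule only ever fires for the Internet-origin probe arriving on WAN); with krt's per-interface rule the same packet is stopped by "Block UPnP". The martian-addressed host illustrates his source "*" point: with the block scoped to "LAN net" that packet slides past the UPnP rule and is only caught by the logged catch-all, while the "*" rule catches it first.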