That would be very risky. IP spoofing is nothing new, and especially for UDP it's very easy. Would be pretty bad when your m0n0wall suddenly blocks all responses from your DNS server because someone spoofed its address... Gives a nice Denial of Service attack.

And about IDS: It's "Intrusion *Detection* System", it doesn't necessarily *do* anything but report about the incident. If it *does* something when detecting an attack it would be an intrusion prevention system or an intrusion reaction system.

greetings,
Harry

Michel Servaes wrote:
> that indeed would be a far much better approach...
> isn't that what IDS is about ?
>
> Dennis Karlsson wrote:
>> Wouldn't it be better if the firewall blocked all requests from that
>> IP for X minutes instead?
>>
>>
>> Michel Servaes wrote:
>>> Hi,
>>>
>>> Would it be possible to change IP (automatically) when the firewall
>>> notices a possible breach ?
>>> Today I noticed in my log, multiple tries to several ports (known to
>>> be ports of other firewalls)... 3128, 8000, 8080, 8088, 8888 (they
>>> all originate from the same ip)
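
Added example, not part of the original thread and not m0n0wall code: one way to implement the "block for X minutes" idea while handling the spoofing risk raised in the reply, by only reporting (detection) when the source is on a never-block list or the evidence is UDP only. The log tuple format, the addresses, the thresholds and the `NEVER_BLOCK` list are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address

PORTS = (3128, 8000, 8080, 8088, 8888)  # ports named in the original post

# Constructed sample log: (epoch seconds, protocol, source IP, destination port).
# Addresses are documentation ranges; the tuple format is an assumption.
SAMPLE_LOG = (
    [(1000 + i, "tcp", "203.0.113.7", p) for i, p in enumerate(PORTS)]     # real scan
    + [(1010 + i, "udp", "192.0.2.53", p) for i, p in enumerate(PORTS)]    # spoofed as our DNS server
    + [(1020 + i, "udp", "198.51.100.9", p) for i, p in enumerate(PORTS)]  # UDP only, unverifiable
)

# Assumption: addresses the firewall must never block (here the DNS server).
NEVER_BLOCK = {ip_address("192.0.2.53")}


def decide(log, now, threshold=5, window=60, block_minutes=10):
    """Return {source: (action, reason, block_expiry)} for sources that hit
    at least `threshold` distinct ports within the last `window` seconds."""
    seen = defaultdict(lambda: {"tcp": set(), "udp": set()})
    for ts, proto, src, dport in log:
        if now - window <= ts <= now and proto in ("tcp", "udp"):
            seen[src][proto].add(dport)

    decisions = {}
    for src, ports in seen.items():
        if len(ports["tcp"] | ports["udp"]) < threshold:
            continue
        if ip_address(src) in NEVER_BLOCK:
            # Detection only: blocking would cut off our own resolver.
            decisions[src] = ("report", "never-block list", None)
        elif len(ports["tcp"]) < threshold:
            # UDP sources are trivially forged, so do not act on them.
            decisions[src] = ("report", "udp evidence only", None)
        else:
            # TCP SYNs can be forged too, which is why NEVER_BLOCK is checked first.
            decisions[src] = ("block", "tcp port scan", now + block_minutes * 60)
    return decisions


if __name__ == "__main__":
    for src, decision in decide(SAMPLE_LOG, now=1030).items():
        print(src, decision)
```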