 From:  James McKeand <james at mckeand dot biz>
 To:  "m0n0wall at lists dot m0n0 dot ch" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Firewall Rules by MAC Address. IS it possible?
 Date:  Wed, 29 Sep 2010 09:25:49 -0500

Set the following rules on the LAN interface:
1) Block source IP 1.1.1.1 port any to destination IP any port 80 (http)
2) Block source IP 1.1.1.1 port any to destination IP any port 443 (https)
3) Block source IP 1.1.1.1 port any to destination IP any port 8000 (Proxies per Lee)

He would still be able to browse a web page at 1.1.1.2 because it is on the same subnet and will not
go to the m0n0wall (i.e. the gateway of the 1.1.1.0 subnet). Also network browsing
(i.e. Windows' - My Network Places) would still work - it is not http.

Rules should be on LAN interface not WAN...

_________________________________ 
James W. McKeand 

-----Original Message-----
From: Lee Sharp [mailto:leesharp at hal dash pc dot org] 
Sent: Wednesday, September 29, 2010 9:18 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Firewall Rules by MAC Address. IS it possible?

On 09/29/2010 05:58 AM, GD Incorporation wrote:
> I have another question,
>
> So, I managed to set the user ip in DHCP to always use 1.1.1.1 (example ip).
> Then I set the rule in Firewall WAN to block all requests that come from
> 1.1.1.1 from any port to any IP address using port 80 or SSL. Then I allow
> the ip 1.1.1.1 in the captive portal IP list.

Yes.  This is correct.  He can do anything but traditional web. 
However, you might want to look at port 8000 which is traditionally used 
for web proxy services.

> Is that the correct thing to do? Should I set the rule for the LAN Firewall
> instead? Because it does not work. Or does it take time to make it work?
> I want to make sure that if accessing internal IP address I want the
> computer to be able to browse internally, but not to access internet with
> browser.

This paragraph makes no sense to me whatsoever.  I am really unsure 
what you are trying to say here.

			Lee

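An added example, not part of the original thread and not m0n0wall code: a simplified Python model of why the three block rules take effect on the LAN interface but not on WAN, and why traffic to 1.1.1.2 is never filtered. It assumes a /24 LAN, that rules are evaluated on the interface where a packet enters the firewall, and a default allow for unmatched LAN traffic; the function names and the 203.0.113.10 destination are constructed for illustration.

```python
import ipaddress

# Assumption: the thread only says "the 1.1.1.0 subnet"; a /24 is used here.
LAN_NET = ipaddress.ip_network("1.1.1.0/24")
BLOCKED_SRC = ipaddress.ip_address("1.1.1.1")
BLOCKED_PORTS = (80, 443, 8000)  # http, https, proxy port named in the thread


def make_rules(interface):
    """Attach the three block rules to one interface ("LAN" or "WAN")."""
    return {interface: [("block", BLOCKED_SRC, port) for port in BLOCKED_PORTS]}


def ingress_interface(src):
    """Interface on which a packet from src enters the firewall."""
    return "LAN" if src in LAN_NET else "WAN"


def verdict(rules, src, dst, dport):
    """Return 'bypass', 'block' or 'pass' for one connection attempt."""
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    # Same subnet: the client delivers the packet directly to its neighbour,
    # so the gateway never sees it and no rule can apply.
    if src in LAN_NET and dst in LAN_NET:
        return "bypass"
    # Only the rules of the ingress interface are consulted, first match wins.
    for action, rule_src, rule_port in rules.get(ingress_interface(src), []):
        if src == rule_src and dport == rule_port:
            return action
    return "pass"  # assumed default "allow LAN to any" rule


if __name__ == "__main__":
    internet = "203.0.113.10"  # constructed documentation address
    for iface in ("WAN", "LAN"):
        rules = make_rules(iface)
        for dst, port in ((internet, 80), (internet, 443), (internet, 8000),
                          (internet, 22), ("1.1.1.2", 80)):
            result = verdict(rules, "1.1.1.1", dst, port)
            print(f"rules on {iface}: 1.1.1.1 -> {dst}:{port} = {result}")
```
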