On 09/29/2010 10:25 AM, James McKeand wrote:
> Set the following rules on the LAN interface:
> 1) Block source IP 1.1.1.1 port any to destination IP any port 80 (http)
> 2) Block source IP 1.1.1.1 port any to destination IP any port 443 (https)
> 3) Block source IP 1.1.1.1 port any to destination IP any port 8000 (Proxies per Lee)
>
> He would still be able to browse a web page at 1.1.1.2 because it is on the same subnet and will not go to the m0n0wall (i.e. the gateway of the 1.1.1.0 subnet). Also network browsing (i.e. Windows' - My Network Places) would still work - it is not http.
>
> Rules should be on LAN interface not WAN...

You got it. A determined guy can still get out with VPN or something similar, but that will lock it down fairly tight.

Lee
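
Added example, not part of the original thread and not m0n0wall's own code: a small model of the three LAN rules above that reports which connections the gateway would block, pass, or never see. The /24 mask, the default allow rule after the block rules, and the sample destination addresses are assumptions.

```python
import ipaddress

# Assumption: the "1.1.1.0 subnet" from the thread is a /24 on the LAN interface.
LAN_NET = ipaddress.ip_network("1.1.1.0/24")

# The three block rules from the thread as (source IP, destination port).
# Source port and destination IP are "any", so they are not stored.
BLOCK_RULES = [
    ("1.1.1.1", 80),    # http
    ("1.1.1.1", 443),   # https
    ("1.1.1.1", 8000),  # proxies
]


def verdict(src, dst, dport):
    """Return what happens to a connection from src to dst:dport."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    # Hosts on the same subnet talk directly, so the gateway's rules
    # are never consulted for this traffic.
    if src_ip in LAN_NET and dst_ip in LAN_NET:
        return "not filtered (same subnet, bypasses gateway)"
    # First matching block rule wins.
    for rule_src, rule_port in BLOCK_RULES:
        if src_ip == ipaddress.ip_address(rule_src) and dport == rule_port:
            return "blocked"
    # Assumption: a default "allow LAN to any" rule follows the block rules.
    return "passed"


# Constructed sample flows (203.0.113.10 is a documentation address).
SAMPLES = [
    ("1.1.1.1", "203.0.113.10", 80),   # restricted host, web
    ("1.1.1.1", "203.0.113.10", 443),  # restricted host, https
    ("1.1.1.1", "1.1.1.2", 80),        # web server on the same subnet
    ("1.1.1.1", "203.0.113.10", 22),   # port not covered by the rules
    ("1.1.1.3", "203.0.113.10", 80),   # a different LAN host
]

if __name__ == "__main__":
    for src, dst, dport in SAMPLES:
        print(f"{src} -> {dst}:{dport}: {verdict(src, dst, dport)}")
```

The "passed" result for a port outside 80, 443 and 8000 is the gap Lee refers to: closing it means allowing only the ports that host needs and blocking the rest, rather than blocking three ports.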