 From:  Frans J King <kingf1 at cs dot man dot ac dot uk>
 To:  P Lecheler <lecheler at technologist dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Specifying additional deny rules for bogons, etc
 Date:  04 Sep 2003 01:04:59 +0100
I don't think you can specify deny rules. By default m0n0wall denies
everything and you can only specify allow rules. You could have a look
at the /etc/rc.* scripts and add some specific firewall commands if you
wanted though.

Regards,

Frans



On Thu, 2003-09-04 at 00:50, P Lecheler wrote:
> It appears that I can only specify permit type access rules using the GUI.  How can I specify
> 'bogon' (unallocated ip addresses) in my rules
> (http://www.cymru.com/Documents/bogon-dd.html#dd-route-agg  for an example)?  This is a common
> specification for most firewall type devices.  I have searched the mail archives and did not see it
> discussed.  Maybe I missed it but I didn't see a way to deny WAN multicast addresses inbound (this
> appeared to be taken care of by a broad deny rule)?
> 
> I'd also like to deny specific TCP ports from the LAN to WAN but cannot figure out how to specify
> deny.  Do I need to go into the base code and modify one of the php include files?  If so, which
> one(s)?
> 
> Have I missed something about how to specify additional deny rules?  I see how we can negate parts
> of the rules but this capability appears to be different than deny.
> 
> Tnx.
-- 
Frans J King <kingf1 at cs dot man dot ac dot uk>