Re: [m0n0wall] Specifying additional deny rules for bogons, etc

From:	Frans J King <kingf1 at cs dot man dot ac dot uk>
To:	P Lecheler <lecheler at technologist dot com>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] Specifying additional deny rules for bogons, etc
Date:	04 Sep 2003 01:04:59 +0100

I don't think you can specify deny rules. By default m0n0wall denies
everything and you can only specify allow rules. You could have a look
at the /etc/rc.* scripts and add some specific firewall commands if you
wanted though.

Regards,

Frans



On Thu, 2003-09-04 at 00:50, P Lecheler wrote:
> It appears that I can only specify permit type access rules using the GUI.  How can I specify
'bogon' (unallocated ip addresses) in my rules
(http://www.cymru.com/Documents/bogon-dd.html#dd-route-agg  for an example)?  This is a common
specification for most firewall type devices.  I have searched the mail archives and did not see it
discussed.  Maybe I missed it but I didn't see a way to deny WAN multicast addresses inbound (this
appeard to be taken care of by a broad deny rule)?  
> 
> I'd also like to deny specific TCP ports from the LAN to WAN but can not figure out how to specify
deny.  Do I need to go into the base code and modify one of the php include files?  If so, which
one(s)? 
> 
> Have I missed something about how to specify additional deny rules?  I see how we can negate parts
of the rules but this capability appears to be different than deny.
> 
> Tnx.
-- 
Frans J King <kingf1 at cs dot man dot ac dot uk>