News: This forum is now permanently frozen.
linktree m0n0wall Forum  >  m0n0wall Support (English)  >  Firewall/NAT
linktree Topic: Block a number of PC's on my internal network
Pages: [1]
Topic: Block a number of PC's on my internal network  (Read 2602 times)
« on: July 03, 2007, 22:50:29 »
mazuco *
Posts: 3
I have only the rules of ftp, http, https, pop, smtp, but I need to block a numer of pc's how can I do?
« Reply #1 on: July 04, 2007, 10:25:02 »
markb ****
Posts: 331
As there is not much info on  your post, I am making the following assumptions.
1. You are using DHCP on your LAN
2. Your allow rules are allowing the whole LAn segment out on the specified ports.

You will need to either give the PC's either a static IP address or set up a reservation for them in DHCP.  you can then add specific block rules for the IP addresses above the allow rules.  The rules are processed in order.
« Reply #2 on: September 05, 2007, 17:07:19 »
samat *
Posts: 4
Quote from: markb on July 04, 2007, 10:25:02
You will need to either give the PC's either a static IP address or set up a reservation for them in DHCP.  you can then add specific block rules for the IP addresses above the allow rules.  The rules are processed in order.

I have the same problem, my pc's have a static IP address, but when i block a single ip address in the firewall rules (LAN), nothing happends, the pc still have the internet access.

i do this....

1) Action : block
2) Disabled : uncheck
3) Interface : LAN
4) Protocol : any
5) ICMP type : any
6) Source : not uncheck, single host or alias, in my case this IP address 192.168.0.34
7) Source port range : any
Cool Destination : not uncheck, any
9) Destination port range : any
10) Fragments : uncheck
11) Log : uncheck

help me please...

thank you !
 Wink
« Last Edit: September 05, 2007, 17:25:52 by samat »
« Reply #3 on: November 15, 2007, 21:53:52 »
samat *
Posts: 4
Another problem that i have is when i put the new rules in monowall they don't work and the configuration of monowall is damaged, so i'm forced to install the backup. Only the rules, Why is that ??

Thanxx
« Reply #4 on: December 14, 2007, 11:42:31 »
apnovi *
Posts: 13
Quote from: samat on September 05, 2007, 17:07:19
Quote from: markb on July 04, 2007, 10:25:02
You will need to either give the PC's either a static IP address or set up a reservation for them in DHCP.  you can then add specific block rules for the IP addresses above the allow rules.  The rules are processed in order.

I have the same problem, my pc's have a static IP address, but when i block a single ip address in the firewall rules (LAN), nothing happends, the pc still have the internet access.

i do this....

1) Action : block
2) Disabled : uncheck
3) Interface : LAN
4) Protocol : any
5) ICMP type : any
6) Source : not uncheck, single host or alias, in my case this IP address 192.168.0.34
7) Source port range : any
Cool Destination : not uncheck, any
9) Destination port range : any
10) Fragments : uncheck
11) Log : uncheck

help me please...

thank you !
 Wink



Remember your rules are processed in order. If you wanted to block one specific static ip put the rule at the top any other allow rules should come after eg,

BLOCK 192.168.0.34 FOR ALL TRAFFIC
ALLOW 192.168.0.10 FOR ALL TRAFFIC

 
 
Pages: [1]
 
 
Powered by SMF 1.1.20 | SMF © 2013, Simple Machines