On 01/05/2006 01:21:06 PM, tim wrote:
hullo,
I have a very simple problem but sadly I'm too brainless to figure it out. There's an idiot on our network who refuses to switch off his P2P. The outward port blocking solution is not a popular one.
Thus, what I want to do is to block out this idiot. H

# nat ...
nat on $ext_if from $internal_net to any -> ($ext_if)

# grr, this bit isn't working
block out quick on $ext_if from $idiot to any

The above does not work because natting happens first, so the
rule sees ($ext_if)

block out quick on $int_if from $idiot to any

The above does not work because the datagrams going out on $int_if
are to $idiot, not from $idiot. You might want to block in instead.

Karl <[EMAIL PROTECTED]>
Free Software:  "You don't pay back, you pay forward."
                 -- Robert A. Heinlein

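A minimal pf.conf that follows the "block in instead" advice, added here as an example (it is not part of Tim's or Karl's mail); the interface names and the address of $idiot are assumed values:

```pf
# Added example (not from the original thread): a minimal pf.conf
# that blocks one internal host's outbound traffic before NAT.
# Interface names and the address of $idiot are assumed values.
ext_if = "fxp0"
int_if = "fxp1"
internal_net = "192.168.1.0/24"
idiot = "192.168.1.50"          # constructed sample address

# Translation runs before outbound filtering on $ext_if, so a
# "block out on $ext_if from $idiot" rule never matches: by the time
# the packet reaches that rule its source is already ($ext_if).
nat on $ext_if from $internal_net to any -> ($ext_if)

# Filter on the inside interface, inbound, where the packet still
# carries the host's real source address. "quick" stops evaluation
# so a later "pass" cannot override it; "log" copies matches to pflog0
# so the block can be confirmed with: tcpdump -n -e -ttt -i pflog0
block in log quick on $int_if from $idiot to any

# Everything else from the LAN is allowed out as before.
pass in on $int_if from $internal_net to any keep state
pass out on $ext_if keep state
```

Load with pfctl -nf /etc/pf.conf first to syntax-check, then pfctl -f /etc/pf.conf; pfctl -vsr shows per-rule match counters, so the block rule's counter should rise while the host keeps trying.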