From: Tony Alexander Frank
To: willow@tds.edu (Willow)
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: hosts.{deny|allow}
Date: Tue, 10 Nov 1998 13:22:58 +1100 (EST)

Hey Willow,

> I'm trying to block access to our freebsd (2.2.7) boxes from several
> domains and not having any luck. I have read the man pages on
> hosts_options and hosts_access and tried to follow along without success.
>
> I would prefer to block based on IP (I have 10 class C's or so that need
> to be blocked) if possible.

I think you'd be best suited by using some deny rules in ipfw or a similar
firewall (whatever you're running with presently).

E.g., if you've added ipfirewall to your kernel config, you can then edit one
of the prebuilt firewall configs found in /etc/rc.firewall and simply add an
extra deny rule or ten.

Suppose you want to block any & all TCP/IP access from the 'bad' network of
192.168.1.0; then you can add a line like the following to your rc.firewall:

    $fwcmd add deny log all from 192.168.1.0/16 to any

There are several prebuilt samples in /etc/rc.firewall...

Remember that if you use this, to also update /etc/rc.conf with the
appropriate firewall options.

--
| Tony Frank                            | Mobile: +61-412-481-029         |
| 4th Year Computer Systems Engineering | Fax: +61-3-9720-4672            |
| RMIT, Melbourne, Victoria, Australia  | Email: s9507886@cse.rmit.edu.au |
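
Added example (not part of the message above and not FreeBSD's own rc.firewall code): for a block list like the "10 class C's or so" in the question, this sh script checks each network and prints one deny rule per valid entry, in the form of the rule line in the reply. The sample networks and the function names are constructed for illustration; entries with host bits set under the mask are rejected, since that usually signals a prefix length other than the one intended.

```sh
# Added example: turn a block list into ipfw deny rules for rc.firewall.
# BLOCKLIST is constructed sample data (documentation address ranges).
BLOCKLIST='
192.0.2.0/24
198.51.100.0/24
203.0.113.0/16
203.0.113.0/33
'

# ip_to_int A.B.C.D -> prints the 32-bit value; fails on a malformed address
ip_to_int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # no leading zeros (octal in shell arithmetic), at most three digits
        case "$o" in 0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_ok NET/LEN -> succeeds only if LEN is 0-32 and no host bits are set
cidr_ok() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    ip=$(ip_to_int "$addr") || return 1
    hostmask=$(( (1 << (32 - len)) - 1 ))
    [ $(( ip & hostmask )) -eq 0 ]
}

# deny_rules: one network per line on stdin; rules go to stdout, rejected
# entries to stderr. Returns non-zero if any entry was rejected.
deny_rules() {
    rc=0
    while read -r net; do
        [ -n "$net" ] || continue
        if cidr_ok "$net"; then
            # $fwcmd stays literal: rc.firewall sets it to the ipfw command
            printf '$fwcmd add deny log all from %s to any\n' "$net"
        else
            echo "rejected: $net" >&2; rc=1
        fi
    done
    return $rc
}

printf '%s\n' "$BLOCKLIST" | deny_rules || echo "fix rejected entries" >&2
```

Review the printed lines before pasting them into rc.firewall; a rejected entry means the list needs correcting, not that the rule should be forced through.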