Date: Sat, 24 Nov 2012 17:06:01 +0100
From: David Demelier <demelier.david@gmail.com>
To: Fleuriot Damien <ml@my.gd>
Cc: freebsd-questions@freebsd.org
Subject: Re: PF and tables for disabling network
Message-ID: <50B0F069.5030104@gmail.com>
In-Reply-To: <FE06D636-BD36-48E3-B1E8-5439AD27BE11@my.gd>
References: <CAO+PfDefeN+iEL-0UeLa5oSL+0dz4DKTiwEnuWnyoxeowsiMpg@mail.gmail.com> <FE06D636-BD36-48E3-B1E8-5439AD27BE11@my.gd>
On 23/11/2012 15:58, Fleuriot Damien wrote:
>
> On Nov 23, 2012, at 3:46 PM, David Demelier <demelier.david@gmail.com> wrote:
>
>> Hello,
>>
>> I would like to disable the network traffic for specific IPs. For the
>> moment I just add to my pf.conf a rule that will block everything for a
>> specified table like this:
>>
>> table <closed>
>>
>> [...] other rules [...]
>>
>> block from <closed>
>>
>> Then I just need to add my IP using pfctl. It works, no packet can be
>> sent / received to the machine, however if that machine had some active
>> connections, these won't be closed and they can still use them (a SSH
>> client, game, ...)
>>
>> How can I disable everything then?
>>
>> Cheers
>>
>> --
>> Demelier David
>
>
> First, you might want to use "block in quick on $externalif inet from <closed>", to have:
> - a quick rule, which stops ruleset evaluation immediately
> - a more specific rule, which applies only to your WAN interface's inbound traffic
>
> Be careful with the quick keyword, it's going to match packets immediately and entirely block these IPs.
>
>
> Then, if you want to kill the active connections from people in the <closed> table, you might want to "script" a bit, like:
>
> for i in `pfctl -t closed -T show`
> do
> pfctl -k "$i"
> done
>
>
>
> Would that do the trick for you?
>

Thank you, that works very well :)

Cheers,

--
David Demelier
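The two-step procedure from the thread (add the host to the table, then kill its states so established connections die too), written out as an added sh example that is not from either poster. It assumes the table is still named <closed>, kills states in both directions (pfctl's second -k gives the destination; the loop in the thread only covers the host as source), and lets PFCTL be overridden so the script can be dry-run without PF.

```sh
#!/bin/sh
# Added example: block a host with PF and drop its existing states.
# Assumes a pf.conf rule such as "block in quick on $ext_if inet from <closed>".
# PFCTL=echo gives a dry run; TABLE defaults to the thread's table name.
PFCTL="${PFCTL:-pfctl}"
TABLE="${TABLE:-closed}"

# Accept only a dotted IPv4 address or IPv4 CIDR, so a stray word from a
# table listing or a typo never reaches pfctl as an argument.
valid_v4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# Add one host to the table, then kill its states. A block rule alone only
# stops packets that are evaluated against the ruleset; packets matching an
# already established state keep flowing until that state is removed.
close_host() {
    host=$1
    valid_v4 "$host" || { echo "refusing odd address: $host" >&2; return 2; }
    "$PFCTL" -t "$TABLE" -T add "$host" &&
    "$PFCTL" -k "$host" &&                 # states where the host is the source
    "$PFCTL" -k 0.0.0.0/0 -k "$host"       # states from anywhere to the host
}

# Kill states for every address already in the table (the loop from the
# thread, extended to both directions). "-T show" prints one address per
# line, indented; read -r strips the leading whitespace.
close_all_listed() {
    "$PFCTL" -t "$TABLE" -T show | while read -r host; do
        valid_v4 "$host" || continue
        "$PFCTL" -k "$host" && "$PFCTL" -k 0.0.0.0/0 -k "$host"
    done
}
```

Run `PFCTL=echo sh close.sh` style dry runs first; the real invocation needs root and an active PF ruleset.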
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?50B0F069.5030104>