Date:      Sat, 08 Feb 1997 14:05:09 -0800
From:      Julian Elischer <julian@whistle.com>
To:        That Doug Guy <tiller@connectnet.com>
Cc:        FreeBSD Questions <FreeBSD-Questions@freebsd.org>, "FreeBSD-ISP@freebsd.org" <FreeBSD-ISP@freebsd.org>
Subject:   Re: Packet filtering help please
Message-ID:  <32FCF895.59E2B600@whistle.com>
References:  <199702081909.LAA11891@smtp.connectnet.com>

That Doug Guy wrote:
> 
> Howdy,  :-)
> 
>         I (still, *cough*) need information on packet filtering.  I looked at
> LINT, and found this about bpf:
> 
> #  The `bpfilter' pseudo-device enables the Berkeley Packet Filter.  Be
> #  aware of the legal and administrative consequences of enabling this
> #  option.  The number of devices determines the maximum number of
> #  simultaneous BPF clients programs runnable.


bpf is not what you want to do...
what you want is ipfw.

bpf is a debugging interface that allows packets to selectively be
transferred to a debugging process.

ipfw allows you to put filtering rules on interfaces for firewalling
purposes..



>  The last time I asked, the best info I got was that for my purposes
> (occasional filtering of nuisance hosts) enabling the firewall option in the
> kernel, and using ipfw would be my best bet.  This issue has become
> somewhat more urgent as our system is being attacked by a pesky (and
> persistent) 15 year old.  I never did receive an answer on how much
> overhead (cpu is the biggest consideration)

some but not too much

> this will add to my system.  Also,
> where can I find more info on how to construct rules? 
> (Beyond the man pages.)
> I will be doing this all remotely, so getting it right the first time is
> essential.

add the following code to the rc file 
ipfw add 10000  allow ip from any to any
ipfw add 1000   deny ip from {his address} to any



that should about do it..
remember that the default rule is:
ipfw add 65536 deny ip from any to any

so you need to add the allow rule above via /etc/rc
because you won't be able to get to the box to do it by hand :)



> 
>         I've heard that the O'Reilly book on TCP/IP Administration is really
> good.....is this kind of information included in it?  I have 2 of their books
> already, and really like them.  Please note that I'm willing to do the digging
> to get the info myself, but I've run out of places to look.
> 
> Thanks in advance for any help you can offer,
> 
> Doug
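
An added example, not part of either message: a small sh generator for the /etc/rc fragment discussed above, which refuses malformed addresses, numbers every deny rule below the allow rule, and always emits the allow rule so a remote box is not left with only the default deny. The rule spacing (DENY_STEP), the function names and the sample addresses are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: print an /etc/rc fragment of ipfw rules that blocks hosts
# without cutting off a remote administrator.
ALLOW_RULE=10000   # number of the allow-everything rule, from the message
DENY_START=1000    # first deny rule number, from the message
DENY_STEP=10       # assumption: spacing between deny rules

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0..255,
# so nothing but a plain address ever reaches the generated rc lines.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; safe, input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_rules ADDR...: print the rules, or print nothing and fail on bad input.
gen_rules() {
    [ "$#" -gt 0 ] || { echo "no addresses given" >&2; return 1; }
    n=$DENY_START
    rules=""
    for addr in "$@"; do
        is_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
        # ipfw stops at the first matching rule, so every deny must be
        # numbered below the allow rule or it would never be reached.
        [ "$n" -lt "$ALLOW_RULE" ] || { echo "too many hosts" >&2; return 1; }
        rules="${rules}ipfw add $n deny ip from $addr to any
"
        n=$((n + DENY_STEP))
    done
    # The allow rule is always emitted: without it only the default deny
    # remains and the box becomes unreachable over the network.
    printf '%sipfw add %s allow ip from any to any\n' "$rules" "$ALLOW_RULE"
}

# Constructed sample input (documentation addresses, not from the thread).
gen_rules 192.0.2.10 198.51.100.7
```
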


