Date: Mon, 27 Oct 2014 16:37:19 +0000 From: "Spenst, Aleksej" <Aleksej.Spenst@harman.com> To: Cristiano Deana <cristiano.deana@gmail.com>, Gary Palmer <gpalmer@freebsd.org> Cc: "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org> Subject: AW: How to block IP range Message-ID: <CBA35483CE5B4D4B804BF128A77A61650E9A16F8@HIKAWSEXMB02.ad.harman.com> In-Reply-To: <CAO82ECEWOYTFSqHn9q1BzKBazvJgm_9atbh-EXfVSQamN4Pi1g@mail.gmail.com> References: <CBA35483CE5B4D4B804BF128A77A61650E9A16A7@HIKAWSEXMB02.ad.harman.com> <20141027162433.GB6851@in-addr.com> <CAO82ECEWOYTFSqHn9q1BzKBazvJgm_9atbh-EXfVSQamN4Pi1g@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Cris, Gary, Thank you! Will this generate 100 separate rules or just one rule? If only one rule, how the number of IP addresses in the range influences the performance of pf? > sh -c 'for ip in `jot 100 1 100`; do echo 10.0.0.$ip >> /etc/pf/blocked_hosts.table; done' is it a typo? I got the error: "sh: jot: cannot execute - No such file or directory" Thanks, Aleksej. -----Ursprüngliche Nachricht----- Von: Cristiano Deana [mailto:cristiano.deana@gmail.com] Gesendet: Montag, 27. Oktober 2014 17:31 An: Gary Palmer Cc: Spenst, Aleksej; freebsd-pf@freebsd.org Betreff: Re: How to block IP range On Mon, Oct 27, 2014 at 5:24 PM, Gary Palmer <gpalmer@freebsd.org> wrote: Hi >> For example, I need to block only 100 IPs in the range: >> 10.0.0.1-10.0.0.100 > tables? > > you can do things like > > table <blocked_hosts> persist file "/etc/pf/blocked_hosts.table" > block in quick log on $ext_if_ipv4 from <blocked_hosts> to any I'm adding the fast way to build the file: sh -c 'for ip in `jot 100 1 100`; do echo 10.0.0.$ip >> /etc/pf/blocked_hosts.table; done' -- Cris, member of G.U.F.I Italian FreeBSD User Group http://www.gufi.org/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CBA35483CE5B4D4B804BF128A77A61650E9A16F8>