From owner-freebsd-questions@FreeBSD.ORG  Tue Nov 25 22:24:51 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 3288316A4CE
	for <freebsd-questions@freebsd.org>;
	Tue, 25 Nov 2003 22:24:51 -0800 (PST)
Received: from ns1.tiadon.com (SMTP.tiadon.com [69.27.132.161])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1E4FE43FCB
	for <freebsd-questions@freebsd.org>;
	Tue, 25 Nov 2003 22:24:50 -0800 (PST)	(envelope-from kdk@daleco.biz)
Received: from daleco.biz ([69.27.131.0]) by ns1.tiadon.com with Microsoft
	SMTPSVC(6.0.3790.0);	 Wed, 26 Nov 2003 00:27:44 -0600
Message-ID: <3FC44735.8080503@daleco.biz>
Date: Wed, 26 Nov 2003 00:24:53 -0600
From: "Kevin D. Kinsey, DaleCo, S.P." <kdk@daleco.biz>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.5) Gecko/20031124
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: cpghost@cordula.ws
References: <00c001c3b3a9$9d7fa8e0$6401a8c0@grant>
	<200311260058.hAQ0wu93048845@fw.farid-hajji.net>
In-Reply-To: <200311260058.hAQ0wu93048845@fw.farid-hajji.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 26 Nov 2003 06:27:45.0421 (UTC)
	FILETIME=[675883D0:01C3B3E6]
cc: freebsd-questions@freebsd.org
cc: grant@thenetnow.com
Subject: Re: Block IP
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Nov 2003 06:24:51 -0000

Cordula's Web wrote:

>>Can I block a certain IP address at the machine or interface level using
>>freebsd? (No at the Apache or Sendmail level).
>>    
>>
>
>Quick and dirty fix:
>
># route add 1.2.3.4 127.0.0.1
>
>All ACKs to 1.2.3.4 would not be able to reach their destination,
>and no TCP connections could be established this way. Moreoever,
>no UDP or ICMP packets would reach the blocked IP address.
>
>You can also block a whole subnet this way.
>
>  
>

That's a wonderful hack!

What about

all: 1.2.3.4 :deny

in /etc/hosts.allow?

Kevin Kinsey
DaleCo, S.P.