From owner-freebsd-questions@FreeBSD.ORG  Tue Nov 25 23:25:13 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A70F916A4CE
	for <freebsd-questions@freebsd.org>;
	Tue, 25 Nov 2003 23:25:13 -0800 (PST)
Received: from skutsje.san.webweaving.org (skutsje.san.webweaving.org
	[209.132.96.45])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C6C9443FBD
	for <freebsd-questions@freebsd.org>;
	Tue, 25 Nov 2003 23:25:10 -0800 (PST)
	(envelope-from dirkx@webweaving.org)
Received: from skutsje.san.webweaving.org (localhost [127.0.0.1])
	hAQ7NBA2003362
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Tue, 25 Nov 2003 23:23:12 -0800 (PST)
	(envelope-from dirkx@webweaving.org)
Received: from localhost (dirkx@localhost)hAQ7NB7k003359;
	Tue, 25 Nov 2003 23:23:11 -0800 (PST)
	(envelope-from dirkx@webweaving.org)
X-Authentication-Warning: skutsje.san.webweaving.org: dirkx owned process
	doing -bs
Date: Tue, 25 Nov 2003 23:23:11 -0800 (PST)
From: Dirk-Willem van Gulik <dirkx@webweaving.org>
X-X-Sender: dirkx@skutsje.san.webweaving.org
To: Grant Peel <grant@thenetnow.com>
In-Reply-To: <00c001c3b3a9$9d7fa8e0$6401a8c0@grant>
Message-ID: <20031125232021.T66019@skutsje.san.webweaving.org>
References: <00c001c3b3a9$9d7fa8e0$6401a8c0@grant>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: freebsd-questions@freebsd.org
Subject: Re: Block IP
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Nov 2003 07:25:13 -0000



On Tue, 25 Nov 2003, Grant Peel wrote:

> Can I block a certain IP address at the machine or interface level using
> freebsd? (No at the Apache or Sendmail level).
>
> CyberLaert monioting one of my hosts at the rate of 1.2 GB oer day!

Easiest and quickest is to install the firewall - if it is not already in
your kernel, simply load it as a dynamic module. In a pinch (and if the
person causing problem is doing this by accident) you can try something
like "route add 12.34.56.78/32 127.0.0.1" which will make the tcp
handshake break. Which may cause the other end to realize somethign is
amiss. But it does not really stop the traffic.

Dw