From: Frank Staals
Date: Sun, 24 Apr 2005 16:08:05 +0200
To: questions@freebsd.org
Subject: Blocking traffic with PF
Message-ID: <426BA845.3000309@zonnet.nl>

Hey everyone,

I would like to block all traffic from one host. The problem is the data isn't coming from that host anymore; it is redirected from my router. I am using PF as firewall; this is the ruleset I wanted to use for it:

    block in from { example.host.com , example2.secondhost.com } to any

but when I enable tcpdump when starting the application which triggers the coming data from the hosts I want to block, this is a piece of what it shows (with the -v option):

    15:54:45.944499 IP Riza.FStaals.LAN.63681 > SpeedTouch.FStaals.Lan.domain: 57330+ AAAA? example.host.com. (35)
    15:54:45.974083 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.63681: 57330 1/0/0 CNAME example2.secondhost.com. (54)
    15:54:45.974301 IP Riza.FStaals.LAN.65038 > SpeedTouch.FStaals.Lan.domain: 57331+ A? example.host.com. (35)
    15:54:45.986375 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.65038: 57331 2/0/0 CNAME example2.secondhost.com.[|domain]
    15:54:45.986740 IP Riza.FStaals.LAN.63345 > SpeedTouch.FStaals.Lan.domain: 57332+ AAAA? example2.secondhost.com. (32)
    15:54:45.999378 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.63345: 57332 0/0/0 (32)
    15:54:45.999509 IP Riza.FStaals.LAN.58187 > SpeedTouch.FStaals.Lan.domain: 57333+ A? example2.secondhost.com. (32)
    15:54:46.014454 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.58187: 57333 1/0/0 A 193.69.116.13 (48)
    15:54:46.867432 IP Riza.FStaals.LAN.50980 > SpeedTouch.FStaals.Lan.domain: 36113+ PTR? 138.0.0.10.in-addr.arpa. (41)
    15:54:46.868404 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.50980: 36113* 1/0/0 PTR[|domain]
    15:54:46.869032 IP Riza.FStaals.LAN.54487 > SpeedTouch.FStaals.Lan.domain: 36114+ PTR? 13.116.69.193.in-addr.arpa. (44)
    15:54:46.905268 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.54487: 36114 NXDomain* 0/0/0 (44)

So the problem is that the data is redirected at my router (SpeedTouch.FStaals.LAN) to my laptop (Riza.FStaals.LAN), but I can't block all the traffic from my router since I do want to receive all other data. My router doesn't have an option to block specified URLs, so I can't do it there either. Has anyone an idea how I can block all the data from the 'bad-hosts' (which I changed here to example.host.com and example2.secondhost.com)?

Thanks in advance,
Frank Staals
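PF resolves a hostname written in a rule only once, when the ruleset is loaded, so a name that is a CNAME for another host (as in the trace above) or that changes address later is more reliably blocked through a PF table that a script refreshes from DNS. The following script is an added example and is not from the original post; the table name, the pf.conf fragment in its comments and the constructed host(1) output are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): keep a PF table of the
# addresses behind a list of hostnames, because PF resolves hostnames in
# pf.conf only when the ruleset is loaded. Table name is an assumption.
# Matching pf.conf fragment (assumed):
#
#   table <badhosts> persist
#   block in  quick from <badhosts> to any
#   block out quick from any to <badhosts>   # also stop the local app
#                                            # from connecting out to them
BLOCK_NAMES="example.host.com example2.secondhost.com"
TABLE="badhosts"

# Keep only the addresses from host(1) output. A CNAME answer shows up as
# "... is an alias for ..." followed by the target's own address lines,
# so the CNAME target needs no separate handling.
addrs_from_host_output() {
    awk '/ has address / || / has IPv6 address / { print $NF }' | sort -u
}

# Resolve A and AAAA records for every name and print the unique set.
resolve_block_addrs() {
    for n in $BLOCK_NAMES; do
        host -t A "$n" 2>/dev/null
        host -t AAAA "$n" 2>/dev/null
    done | addrs_from_host_output
}

# Atomically replace the table contents; rules referencing <badhosts>
# see the new addresses without a ruleset reload. Run it from cron.
refresh_table() {
    tmp=$(mktemp) || return 1
    resolve_block_addrs > "$tmp"
    # Refuse to empty the table when the resolver returned nothing.
    [ -s "$tmp" ] && pfctl -t "$TABLE" -T replace -f "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed host(1) output mirroring the trace above (offline demo).
SAMPLE_HOST_OUTPUT='example.host.com is an alias for example2.secondhost.com.
example2.secondhost.com has address 193.69.116.13
example2.secondhost.com has no AAAA record'

demo_addrs() {
    printf '%s\n' "$SAMPLE_HOST_OUTPUT" | addrs_from_host_output
}
```

Note that the DNS packets in the trace come from the router only because it is the laptop's resolver; the application's own traffic is exchanged with the resolved address, which is what the table blocks.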