From owner-freebsd-questions@FreeBSD.ORG Sat Sep 15 21:36:29 2007
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D946016A421; Sat, 15 Sep 2007 21:36:29 +0000 (UTC) (envelope-from fbsd.questions@rachie.is-a-geek.net)
Received: from snoogles.rachie.is-a-geek.net (66-230-99-27-cdsl-rb1.nwc.acsalaska.net [66.230.99.27]) by mx1.freebsd.org (Postfix) with ESMTP id 5045A13C442; Sat, 15 Sep 2007 21:36:29 +0000 (UTC) (envelope-from fbsd.questions@rachie.is-a-geek.net)
Received: from localhost (localhost [127.0.0.1]) by snoogles.rachie.is-a-geek.net (Postfix) with ESMTP id 427091CC97; Sat, 15 Sep 2007 13:36:28 -0800 (AKDT)
From: Mel <fbsd.questions@rachie.is-a-geek.net>
To: freebsd-questions@freebsd.org
Date: Sat, 15 Sep 2007 23:36:27 +0200
User-Agent: KMail/1.9.7
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200709152336.27214.fbsd.questions@rachie.is-a-geek.net>
Subject: Re: How to add rule with pfctl...
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
X-List-Received-Date: Sat, 15 Sep 2007 21:36:29 -0000

On Saturday 15 September 2007 23:18:17 Agus wrote:
> I am trying to figure out how to add a firewall rule with pfctl...
> This is what I'm trying to do...
>
> I've got SEC that matches a certain pattern and takes the IP from that, and
> want to trigger a firewall rule to block that IP....
> Then after a couple of hours SEC will trigger the command to un-block the
> IP...
> So what I need is the command to block an IP address from the command line, not
> touching any pf.conf....

If you don't need to add a rule but an IP, then tables are your friend.
Example for /etc/pf.conf:

    # $ext_if must be defined as a macro earlier in pf.conf.
    # Placeholder for spammers table, non-routable network IP.
    table <spammers> persist { 192.168.111.111 }
    # Block this traffic
    block return-rst in log on $ext_if proto tcp from <spammers> to port smtp

Then on the command line:

    /sbin/pfctl -t spammers -Tadd ip.from.new.spammer

And to delete:

    /sbin/pfctl -t spammers -Tdel ip.from.old.spammer

-- 
Mel
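Since the address that SEC extracts from a log line is attacker-influenced text, the one thing worth adding around the two pfctl commands above is input validation before the address reaches a shell. The script below is an added example, not code from the original post or from the pf project; it assumes the <spammers> table from the pf.conf snippet, pfctl at /sbin/pfctl, and that the PFCTL variable may be overridden (for instance PFCTL=echo) to dry-run without touching the firewall. The block_ip/unblock_ip wrappers are the entry points a SEC action would call.

```shell
#!/bin/sh
# Added example (not from the original post): wrap "pfctl -t spammers -T add/del"
# so that a log watcher like SEC can call it with a log-derived address safely.
# Assumes the <spammers> table exists in pf.conf. PFCTL is overridable for dry runs.
PFCTL="${PFCTL:-/sbin/pfctl}"
TABLE="spammers"

# Accept only a plain dotted-quad IPv4 address. Anything else (shell
# metacharacters, hostnames, IPv6, stray dots) is rejected so a crafted log
# line can never smuggle extra words into the pfctl command.
valid_ipv4() {
    _ip="$1"
    case "$_ip" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _oldifs="$IFS"; IFS=.
    set -- $_ip
    IFS="$_oldifs"
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        [ "$_o" -le 255 ] || return 1
    done
    return 0
}

# Print the pfctl command line for "add" or "del"; return 1 on bad input.
table_cmd() {
    _action="$1"; _addr="$2"
    case "$_action" in add|del) ;; *) return 1 ;; esac
    valid_ipv4 "$_addr" || return 1
    printf '%s -t %s -T %s %s\n' "$PFCTL" "$TABLE" "$_action" "$_addr"
}

# Run the command and leave an audit line in syslog for each block/unblock.
block_ip() {
    _c=$(table_cmd add "$1") || return 1
    $_c && logger -t pfblock "added $1 to <$TABLE>"
}
unblock_ip() {
    _c=$(table_cmd del "$1") || return 1
    $_c && logger -t pfblock "removed $1 from <$TABLE>"
}

# Command-line entry point: "script block 192.0.2.10" / "script unblock 192.0.2.10".
case "${1:-}" in
    block)   block_ip "${2:-}" ;;
    unblock) unblock_ip "${2:-}" ;;
esac
```

For the "un-block after a couple of hours" half of the question, pfctl on later FreeBSD releases also has -T expire <seconds>, which drops every entry older than the given age; a cron job calling that periodically removes the need for SEC to keep its own timers.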