From owner-freebsd-pf@FreeBSD.ORG  Tue Feb 11 15:47:54 2014
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 7E8BFA35
 for <freebsd-pf@freebsd.org>; Tue, 11 Feb 2014 15:47:54 +0000 (UTC)
Received: from unsane.co.uk (unsane-pt.tunnel.tserv5.lon1.ipv6.he.net
 [IPv6:2001:470:1f08:110::2])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id 0E90E105D
 for <freebsd-pf@freebsd.org>; Tue, 11 Feb 2014 15:47:53 +0000 (UTC)
Received: from vhoffman.lon.namesco.net (lon.namesco.net [195.7.254.102])
 (authenticated bits=0)
 by unsane.co.uk (8.14.7/8.14.6) with ESMTP id s1BFlpxk064307
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO)
 for <freebsd-pf@freebsd.org>; Tue, 11 Feb 2014 15:47:51 GMT
 (envelope-from vince@unsane.co.uk)
Message-ID: <52FA4627.8090308@unsane.co.uk>
Date: Tue, 11 Feb 2014 15:47:51 +0000
From: Vincent Hoffman <vince@unsane.co.uk>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9;
 rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: freebsd-pf@freebsd.org
Subject: Re: pf block IP immediately
References: <52FA3CA9.30806@lissyara.su>
In-Reply-To: <52FA3CA9.30806@lissyara.su>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
 \(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf/>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
 <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Feb 2014 15:47:54 -0000

On 11/02/2014 15:07, skeletor@lissyara.su wrote:
> Hello.
> I have a FreeBSD 9.2 amd64 with pf (build in kernel).
> Can pf block some IP (sessions) immediately? Next rule can block only
> new sessions, but currect open sessions stay open as long as they open
> by IP
>
> block quick from X.X.X.X to any
> block quick from any to X.X.X.X
>
> Also, I can do pfctl -F sessions, but it flushes all sessions of all
> users.
>
> tcpdrop not shown this sessions, because this is a nat sessions.
pfctl -k
or -K looks like what you need.

The pfctl(8) man page seems to cover it quite well.


Vince


>
> Thanks.
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org"
>