From owner-freebsd-questions@freebsd.org Mon Feb 17 14:36:51 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 2CC1423AC08 for ; Mon, 17 Feb 2020 14:36:51 +0000 (UTC) (envelope-from hamdi20193d@gmail.com) Received: from mail-vs1-xe2c.google.com (mail-vs1-xe2c.google.com [IPv6:2607:f8b0:4864:20::e2c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48LmlP4NW1z4dT9 for ; Mon, 17 Feb 2020 14:36:49 +0000 (UTC) (envelope-from hamdi20193d@gmail.com) Received: by mail-vs1-xe2c.google.com with SMTP id t12so10457857vso.13 for ; Mon, 17 Feb 2020 06:36:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=WQ6UEGAiOZHXnQ+Vksp/9er3iaRuoC2Lx5cRD7QtIAg=; b=iPjdVwms5dxyOT/sNn5D6cHEFwcQB+VNLL6WFzJdNXZS3ajACvSJ/cniIFHPDEq+D9 4Bz4q86Qe+y3UrFGOtn+8eo7S6xOO4x3JoHlYBzFcgHgjCLI/f/VnFM9wX8V6BJB3tXu FyoC6E7RPbIzTuES9i2ZolTb4QJw8K3/8pVKwNL/71BhZ6K6+TaB5l6E5m9T4FUYponk f89xmqF4HySgNISnGUf4ZNTcdW1OQNM0OL6qwH849WwjrxKJB0ZIFbs4wQgks025A2lk Ppm+WY9DVCcQZ08WlTnTFVg6+eFjivJdLEWKOG1bKIszOzgmLQgIl4bqSu/TRKrAn7wY pSoA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=WQ6UEGAiOZHXnQ+Vksp/9er3iaRuoC2Lx5cRD7QtIAg=; b=VREn0zBkTGaOdpRYu1OCQOcGJ/3ZlD+AVWY5kCZx3BVAm5F2i1H2QzVWyGyWPY4057 luKud7aIWL8mB5CF6bR32AdGg4NhBy+DRFUcURTiXXXOG/5cwLsmMNV+YrMPenjDL7gE tSUnvxblEuiUMDQci6Ut2v1G8pIDKoIGYhYlAObUywL/kSNx3lYSA7tRHfKc0rZkJ3N0 lTdA+IxHyCyKuP7R46lOHms8myzIPR0EnwSKYr69uRaAn5CRbs9YJt/R7NRXP04IHR5Y Wi6oMtN8hQskIT735cHzv8hsxvZJBZvf72J7vMkoszKJhJ+e/r848rUsroS88BBq8kRG EeWw== X-Gm-Message-State: APjAAAXRzAhKM5jMqW1Pfmx4IC15XflDNl7Xayz9YEysgw+YQ7W1lDfX pu5TCyKka1QdAEzzoBQB5tXDQ4K2KEHyRtj1t48VWHu1 X-Google-Smtp-Source: APXvYqyx/GF+471LTLZQoDw0AmH6EH2j2KLgIEEXhJusPvBHgzWhad6ClvYOQTVGzVqdlUebaJ4yc7j8W0C/tUlpNAI= X-Received: by 2002:a67:fd0d:: with SMTP id f13mr7883203vsr.125.1581950207807; Mon, 17 Feb 2020 06:36:47 -0800 (PST) MIME-Version: 1.0 From: Andreas X Date: Mon, 17 Feb 2020 17:36:36 +0300 Message-ID: Subject: Blacklist IP file for IPFW? To: freebsd-questions@freebsd.org X-Rspamd-Queue-Id: 48LmlP4NW1z4dT9 X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=iPjdVwms; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of hamdi20193d@gmail.com designates 2607:f8b0:4864:20::e2c as permitted sender) smtp.mailfrom=hamdi20193d@gmail.com X-Spamd-Result: default: False [-0.90 / 15.00]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; TO_DN_NONE(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; MIME_BASE64_TEXT(0.10)[]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; FROM_EQ_ENVFROM(0.00)[]; IP_SCORE(0.00)[ip: (-9.67), ipnet: 2607:f8b0::/32(-1.89), asn: 15169(-1.68), country: US(-0.05)]; SUBJECT_ENDS_QUESTION(1.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; IP_SCORE_FREEMAIL(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; MIME_TRACE(0.00)[0:+,1:+,2:~]; RCVD_IN_DNSWL_NONE(0.00)[c.2.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; HTTP_TO_IP(1.00)[]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Feb 2020 14:36:51 -0000 My /etc/rc.firewall file contains the following additional lines created by me, for purpose of banning attacker's DDoSers IP: ${fwcmd} add deny ip from 122.228.19.80/24,\ 185.234.219.65/24,\ 92.118.38.57/24,\ 185.36.81.143/24,\ 141.98.10.137/24,\ 45.125.66.144/24,\ 185.100.87.190/24,\ 45.142.195.6/24,\ 45.143.223.52/24,\ 103.7.10.131/24,\ 52.178.192.68/24,\ 80.82.77.33/24,\ 164.68.112.178/24,\ 81.95.5.34/24 to any The list dramatically grows each week. How may I create a text file so that IPFW would fetch these IPs from there directly? What's the simplest way to do this please? P.S: I found no reason to *hide*/mask those IPs above, because they're truly and randomly filling log files, not regular users at all! It'd be useful for anyone else to know about them to block them too :) Thank you all, so much!