Date: Sun, 18 Jan 2009 03:10:36 -0800 (PST)
From: infos@dnswatch.com
To: freebsd-pf@freebsd.org
Subject: basic rule request - allow_all/block_bad
Message-ID: <59e0bfe9193784283b7c7aaa2d958ad7.dnswclient@webmail.dnswatch.com>

Greetings,

I know very little about creating an initial pf.conf. I know /very/ /much/ that I want/need PF, and will need a fair amount of time to "tune" pf to work optimally for each server. BUT, in an effort to get started, I'm hoping that some kind soul will provide me with a very basic pf.conf that will not interrupt the current application/server block policies I already have in place - which is to say, I currently block at the application/server, but hope to merge (transfer) them to PF.

So, can anyone share a pf.conf that will allow all, but block ALL_EVIL_IP requests on ALL ports? In other words, if I only wanted to block (drop) ALL traffic coming from a /single/ IP address, how would I do it?

I have one (active) NIC in each of my servers, and there are anywhere from 3 to 12 IPs aliased to them above and beyond the IP assigned to the host itself. All addresses are fully qualified, internet routable addresses (no internal/private IPs).

Thank you for all your time and consideration.

--Chris

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?59e0bfe9193784283b7c7aaa2d958ad7.dnswclient>
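
A minimal pf.conf matching the policy described in the message above (pass everything, silently drop all traffic from listed sources on every port and every aliased address). This is an added example, not part of the original post; the table name <evil> and the addresses in it are constructed placeholders from the documentation ranges.

```conf
# /etc/pf.conf - allow all, drop a block list (added example)
#
# Assumptions: the table name <evil> is arbitrary, and 192.0.2.10 and
# 198.51.100.0/24 are constructed documentation addresses. Replace them
# with the sources you actually want to drop.

# Table of blocked sources. "persist" keeps the table in memory even
# when it is empty or no rule refers to it, so entries can be added
# and removed at runtime without reloading the ruleset.
table <evil> persist { 192.0.2.10, 198.51.100.0/24 }

# Do not filter loopback traffic.
set skip on lo0

# Silently drop anything arriving from a table member. "quick" stops
# rule evaluation at this rule, so the pass rule below cannot override
# it. There is no "on <interface>" and no "to <address>", so the rule
# covers every interface and every aliased IP on the host, all ports
# and all protocols.
block drop in quick from <evil> to any

# Everything else is allowed, which leaves the existing
# application-level blocking in charge of all other decisions.
pass all

# Checking and loading:
#   pfctl -nf /etc/pf.conf    parse only, report syntax errors
#   pfctl -f /etc/pf.conf     load the ruleset
#   pfctl -e                  enable pf (pf_enable="YES" in rc.conf at boot)
#
# Managing the table without a reload:
#   pfctl -t evil -T add 203.0.113.5      (constructed address)
#   pfctl -t evil -T delete 203.0.113.5
#   pfctl -t evil -T show
#
# A newly added address keeps any connection it already has in the
# state table. Remove those states with:
#   pfctl -k 203.0.113.5
```

Runtime additions made with pfctl are lost on reboot or when the ruleset is reloaded with the inline list, so addresses that should stay blocked belong in the table definition itself.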