From: infos@dnswatch.com
To: freebsd-pf@freebsd.org
Date: Sun, 18 Jan 2009 03:10:36 -0800 (PST)
Message-ID: <59e0bfe9193784283b7c7aaa2d958ad7.dnswclient@webmail.dnswatch.com>
Subject: basic rule request - allow_all/block_bad
List-Id: "Technical discussion and general questions about packet filter (pf)"

Greetings,

I know very little about creating an initial pf.conf. I know /very/ /much/ that I want/need PF, and will need a fair amount of time to "tune" pf to work optimally for each server.

BUT, in an effort to get started, I'm hoping that some kind soul will provide me with a very basic pf.conf that will not interrupt the current application/server block policies I already have in place - which is to say, I currently block at the application/server, but hope to merge (transfer) them to PF.

So, can anyone share a pf.conf that will allow all, but block ALL_EVIL_IP requests on ALL ports? In other words, if I only wanted to block (drop) ALL traffic coming from a /single/ IP address, how would I do it?

I have one (active) NIC in each of my servers, and there are anywhere from 3 to 12 IPs aliased to them above and beyond the IP assigned to the host itself. All addresses are fully qualified, internet-routable addresses (no internal/private IPs).

Thank you for all your time and consideration.

--Chris
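As an added example (not part of Chris's post and not FreeBSD project code), the following POSIX shell script generates the kind of minimal "pass everything, drop the listed hosts on every port" pf.conf the question asks for, and validates the addresses that go into the block list. The interface name em0, the table name badhosts and the table file path /etc/pf.badhosts are assumptions chosen for this example; substitute the real NIC and paths. Because the block rule is tied to the interface rather than to a single address, it also covers every IP aliased onto that NIC.

```shell
#!/bin/sh
# Added example, not from the original post: a minimal pf ruleset generator
# plus a small address validator for the block list.
# Assumed names: interface em0, table <badhosts>, file /etc/pf.badhosts.

# Emit a ruleset for interface $1 that silently drops all inbound traffic
# from the addresses in table <badhosts> and passes everything else.
gen_pf_conf() {
    ifc="$1"
    cat <<EOF
# Constructed example ruleset: allow all, block listed hosts on all ports.
ext_if = "$ifc"

# Loopback never needs filtering.
set skip on lo0

# Persistent table seeded from a file (one address or CIDR per line).
# Entries can be changed at runtime without reloading the ruleset:
#   pfctl -t badhosts -T add 198.51.100.7
#   pfctl -t badhosts -T delete 198.51.100.7
table <badhosts> persist file "/etc/pf.badhosts"

# "drop" discards silently (no RST / ICMP unreachable); "quick" stops rule
# evaluation here, so the later pass rules never see a listed source.
# Without "quick", pf's last-matching-rule-wins semantics would let the
# pass rules below override this block.
block drop in quick on \$ext_if from <badhosts> to any

# Everyone else keeps today's behaviour; application-level policies still
# apply behind pf. Covers every address aliased onto the interface.
pass in on \$ext_if all
pass out on \$ext_if all
EOF
}

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    ip="$1"
    case "$ip" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs="$IFS"; IFS=.
    set -- $ip
    IFS="$old_ifs"
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print the valid IPv4 addresses among the arguments, one per line, in the
# format pf's "table ... file" directive expects; report the rest on stderr
# so a typo in the block list does not silently become a no-op.
filter_badhosts() {
    for a in "$@"; do
        if is_ipv4 "$a"; then
            printf '%s\n' "$a"
        else
            printf 'skipping invalid address: %s\n' "$a" >&2
        fi
    done
}

# Typical use (run as root on the server; addresses here are constructed):
#   filter_badhosts 203.0.113.5 198.51.100.7 > /etc/pf.badhosts
#   gen_pf_conf em0 > /etc/pf.conf
#   pfctl -nf /etc/pf.conf    # syntax check only, loads nothing
#   pfctl -f /etc/pf.conf     # load the ruleset
#   pfctl -t badhosts -T show # confirm the table contents
```

The `pfctl -nf` step is the check worth keeping in the habit: it parses the file and reports errors without touching the running ruleset, so a broken edit cannot leave the server unfiltered or locked out. The table file must exist (even if empty) before the ruleset is loaded.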