From owner-freebsd-questions@FreeBSD.ORG  Sun Apr  4 19:27:46 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1C5C316A4CE
	for <freebsd-questions@freebsd.org>;
	Sun,  4 Apr 2004 19:27:46 -0700 (PDT)
Received: from ns1.tiadon.com (SMTP.tiadon.com [69.27.132.161])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 8943C43D5D
	for <freebsd-questions@freebsd.org>;
	Sun,  4 Apr 2004 19:27:45 -0700 (PDT)	(envelope-from kdk@daleco.biz)
Received: from daleco.biz ([69.27.131.0]) by ns1.tiadon.com with Microsoft
	SMTPSVC(6.0.3790.0);	 Sun, 4 Apr 2004 21:28:22 -0500
Message-ID: <4070C41A.6050201@daleco.biz>
Date: Sun, 04 Apr 2004 21:27:38 -0500
From: "Kevin D. Kinsey, DaleCo, S.P." <kdk@daleco.biz>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6) Gecko/20040322
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: "H.Wade Minter" <minter@lunenburg.org>
References: <5D4A40CA-86A7-11D8-991B-000A95A8D520@lunenburg.org>
In-Reply-To: <5D4A40CA-86A7-11D8-991B-000A95A8D520@lunenburg.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 05 Apr 2004 02:28:23.0296 (UTC)
	FILETIME=[AAF76800:01C41AB5]
cc: FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject: Re: Simplest way to block a single IP?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Apr 2004 02:27:46 -0000

H.Wade Minter wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I've got a system that's sending a ton of referral spam to websites
> on my RELENG_4_9 system.  I'd like to block them from accessing
> my system at the TCP level.  What's the best and easiest way to do this?
>
> I assume I'll need to recompile the kernel with IPFIREWALL or
> IPFILTER support, then set up some rules.  Does anyone have
> a recommendation for a simple ruleset to block one particular IP?
>
> Thanks,
> Wade


I have a better recommendation than that.

Since it's just one IP, have a look at /etc/hosts.allow.

The syntax and comments there should enlighten
you greatly as to what to do....

Then, sit back and smile && enjoy a beverage
as tcpwrappers sends this c*** to a "virtual"
oblivion ...

Kevin Kinsey
DaleCo, S.P.