From: Eric F Crist
Organization: AdTech Integrated Systems, Inc
To: freebsd-questions@freebsd.org
Date: Sun, 4 Apr 2004 21:28:15 -0500
Reply-To: ecrist@adtechintegrated.com
In-Reply-To: <5D4A40CA-86A7-11D8-991B-000A95A8D520@lunenburg.org>
Message-Id: <200404042128.23399.ecrist@adtechintegrated.com>
Subject: Re: Simplest way to block a single IP?

On Sunday 04 April 2004 09:17 pm, H.Wade Minter wrote:
> I've got a system that's sending a ton of referral spam to websites on
> my RELENG_4_9 system. I'd like to block them from accessing my system
> at the TCP level. What's the best and easiest way to do this?
>
> I assume I'll need to recompile the kernel with IPFIREWALL or IPFILTER
> support, then set up some rules. Does anyone have a recommendation for
> a simple ruleset to block one particular IP?
>
> Thanks,
> Wade

If that's *really* all you want to do, set up your kernel config to IPFIREWALL_DEFAULT_ACCEPT (or whatever it really is) and simply add a single rule to your firewall script.

Add the following to your rc.conf file:

firewall_enable="YES"
firewall_script="/etc/localhost.firewall"

Create a file in /etc/ called localhost.firewall with the following text:

ipfw -f flush
ipfw add 100 deny all from <ip-address> to me in via <interface>

where <interface> is the device name for your outside ethernet adapter. All of that's on one line, btw.

Restart the system, and you should be good to go. Make SURE you have console access when playing with firewall rules. Otherwise, you could block your ssh access.

HTH
-- 
Eric F Crist
AdTech Integrated Systems, Inc
(612) 998-3588
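As an added example (not part of the mail above and not Eric's script), a small POSIX sh helper that emits the two-line ipfw ruleset described in the reply, after validating the address and interface name so that a typo or a stray shell character never reaches `ipfw`. The interface name `fxp0` and the address `192.0.2.10` used below are constructed sample values.

```shell
#!/bin/sh
# Added example: build the "flush, then deny one host" ipfw ruleset from the
# reply above. It only prints the commands; run it on the FreeBSD host and
# pipe the output into sh (from the console, as the reply warns) to apply it.

# valid_ipv4 ADDR -> exit 0 if ADDR is a dotted-quad IPv4 address, 1 otherwise
valid_ipv4() {
    addr=$1
    # shape check: digits and dots only, no leading/trailing/doubled dots
    case "$addr" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    n=0
    for octet in $(printf '%s' "$addr" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# block_rules ADDR IFACE [RULENO] -> prints the ipfw commands on stdout,
# returns 1 (and prints nothing) if either argument fails validation
block_rules() {
    addr=$1; iface=$2; ruleno=${3:-100}
    valid_ipv4 "$addr" || { echo "bad IPv4 address: $addr" >&2; return 1; }
    # interface names are plain alphanumerics (fxp0, em0, vlan10, ...)
    case "$iface" in
        ''|*[!A-Za-z0-9_.]*) echo "bad interface name: $iface" >&2; return 1 ;;
    esac
    case "$ruleno" in
        ''|*[!0-9]*) echo "bad rule number: $ruleno" >&2; return 1 ;;
    esac
    printf 'ipfw -f flush\n'
    printf 'ipfw add %s deny all from %s to me in via %s\n' \
        "$ruleno" "$addr" "$iface"
}

# usage: sh block_one_host.sh 192.0.2.10 fxp0   (sample values, constructed)
if [ "$#" -eq 2 ]; then
    block_rules "$1" "$2"
fi
```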