From: Andreas X
Date: Mon, 17 Feb 2020 19:47:30 +0300
Subject: Re: Blacklist IP file for IPFW?
To: Tim Daneliuk, FreeBSD Mailing List

Hi again,

The rule:

    65500 0 0 deny ip from table(10) to any

was almost the last rule and I suspected it, so I wanted to move the rule up and changed the command to:

    ${FWCMD} add 00350 deny all from table\(10\) to any

(adding rule number 00350). Now ipfw successfully blocks the IPs in the table.

My question is: why didn't it block the IPs when it had rule number 65500? (It may be among the last rules, but it still has a "deny" action; shouldn't it do the job?)

Thank you.

Andreas X, on Mon, 17 Feb 2020 at 18:54, wrote:
> Dear Tim,
>
> I applied your suggestion, however it seems IPFW doesn't ban the IP
> addresses in the list. (I added a useless VPS IP of mine to the list to
> test it, but I could still ping the server from that IP.)
>
> Here's my script as per your suggestion:
>
> #!/bin/sh
> FWCMD="ipfw -q"
>
> LISTX=/usr/local/etc/fw/banlist.txt
>
> ipfw table 10 create
> ipfw table 10 flush
>
> for addr in `cat ${LISTX}`
> do
>     ${FWCMD} table 10 add ${addr}
> done
>
> ${FWCMD} add deny all from table\(10\) to any
>
> And the "ipfw show | grep table" command outputs:
>
>     65500 0 0 deny ip from table(10) to any
>
> so it seems the IPs are added, but none of them are blocked.
>
> I restarted IPFW too, and re-ran the script again; no solution.
>
> Any idea?
>
> Thank you.
>
>
> Tim Daneliuk, on Mon, 17 Feb 2020 at 17:51, wrote:
>
>> On 2/17/20 8:36 AM, Andreas X wrote:
>>
>>> The list dramatically grows each week. How may I create a text file so that
>>> IPFW would fetch these IPs from there directly? What's the simplest way
>>> to do this please?
>>
>> Looping through a file and running an ipfw command each time gets super
>> slow as the list gets long. ipfw tables are the better way to do this:
>>
>> FWCMD="ipfw -q"      # Firewall command
>> OIF=em0              # NIC to outside world
>>
>> # Address spaces we want blocked entirely are listed in this file
>> NAUGHTYFILE=/usr/local/etc/firewall/naughtyIPs
>>
>> # Use ipfw tables for efficiency
>>
>> ipfw table 10 flush
>> for addr in `cat ${NAUGHTYFILE}`
>> do
>>     ${FWCMD} table 10 add ${addr}
>> done
>>
>> ${FWCMD} add deny all from table\(10\) to any via ${OIF}
>>
>> The "naughty" file can have specific IPs or CIDR blocks in it, one
>> per line:
>>
>> 95.87.0.0/18
>> 95.87.192.0/18
>> 96.246.220.34
>> 96.30.64.0/18
>> 98.143.148.107
>>
>> HTH,
>>
>> ----------------------------------------------------------------------------
>> Tim Daneliuk                                   tundra@tundraware.com
>> PGP Key:                            http://www.tundraware.com/PGP/
>>
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>
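The behaviour asked about above follows from ipfw's first-match evaluation: rules are tried in ascending number order and the first rule that matches a packet decides what happens to it, so a deny appended at 65500 never sees traffic that an earlier allow rule (a catch-all `allow ip from any to any`, for instance) has already accepted, while the same deny at 350 is consulted before that allow. The script below is an added example, not code from Andreas X, Tim Daneliuk or the FreeBSD project. It keeps the banlist-into-table approach from the thread and adds two things a practitioner would want: the deny rule is installed at an explicit low rule number, and every banlist line is validated as an IPv4 address or prefix before it is handed to ipfw, so a stray token (a word such as `any`, trailing text, or a /0 prefix that would blackhole everything including your own session) is rejected instead of becoming an ipfw argument. The path `/usr/local/etc/fw/banlist.txt`, table 10 and rule 350 are placeholders borrowed from the thread; the `table N create type addr` form is the FreeBSD 11+ syntax. Run it as `sh banlist.sh print` for a dry run and as `sh banlist.sh apply` (as root) to load the ruleset.

```shell
#!/bin/sh
# Added example (not from the thread above): load a banlist into an ipfw table
# and install the deny rule at an explicit low rule number, validating every
# entry first. Paths, table number and rule number are placeholders.
set -f   # no pathname expansion: a stray '*' in the banlist must not glob

BANLIST=${BANLIST:-/usr/local/etc/fw/banlist.txt}   # assumed path
TABLE=${TABLE:-10}                                    # assumed table number
RULENUM=${RULENUM:-350}   # assumed rule number; must be lower than the first allow rule

# IPv4 address with optional /0-32 prefix length; every octet limited to 0-255.
IPV4_RE='^((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])(/(3[0-2]|[12]?[0-9]))?$'

# banlist_addrs FILE: print one validated address or prefix per line.
# Blank lines and '#' comments are skipped. Anything else (extra tokens, a
# word such as "any", an out-of-range octet, a /0 prefix) is reported on
# stderr and never printed, so it cannot reach ipfw as an argument.
# Returns 1 if any line was rejected.
banlist_addrs() {
    file=$1
    bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}        # drop comments
        set -- $line            # word-split: trims whitespace, exposes extra tokens
        [ $# -eq 0 ] && continue
        if [ $# -ne 1 ] || ! printf '%s\n' "$1" | grep -Eq "$IPV4_RE"; then
            echo "rejecting malformed banlist entry: $line" >&2
            bad=1
            continue
        fi
        case $1 in
            */0) echo "refusing catch-all prefix: $1" >&2; bad=1 ;;
            *)   printf '%s\n' "$1" ;;
        esac
    done < "$file"
    return $bad
}

# gen_ipfw_cmds FILE TABLE RULENUM: print the ipfw commands that would be run,
# one per line, without the leading "ipfw". Fails (prints nothing) if the
# banlist contains any rejected entry. The deny rule gets an explicit number
# because ipfw is first-match: an appended deny loses to any earlier allow.
gen_ipfw_cmds() {
    file=$1; table=$2; rule=$3
    addrs=$(banlist_addrs "$file") || return 1
    printf 'table %s create type addr\n' "$table"   # FreeBSD 11+ syntax
    printf 'table %s flush\n' "$table"
    printf '%s\n' "$addrs" | while IFS= read -r a; do
        [ -n "$a" ] && printf 'table %s add %s\n' "$table" "$a"
    done
    # remove any previous copy of the rule, then re-add it at the same number
    printf 'delete %s\n' "$rule"
    printf 'add %s deny ip from table(%s) to any\n' "$rule" "$table"
}

# apply_banlist FILE TABLE RULENUM: feed each generated command to ipfw.
# 'table create' fails harmlessly when the table already exists and 'delete'
# when the rule is absent, so those two may fail; any other failure aborts.
apply_banlist() {
    gen_ipfw_cmds "$1" "$2" "$3" | while IFS= read -r cmd; do
        case $cmd in
            "table $2 create"*|"delete "*) ipfw -q $cmd 2>/dev/null || true ;;
            *) ipfw -q $cmd || { echo "ipfw $cmd failed" >&2; exit 1; } ;;
        esac
    done
}

# Dispatch: "print" shows the commands (dry run); "apply" runs them via ipfw.
case ${1:-} in
    print) gen_ipfw_cmds "$BANLIST" "$TABLE" "$RULENUM" ;;
    apply) apply_banlist "$BANLIST" "$TABLE" "$RULENUM" ;;
esac
```

Check the result with `ipfw show | head` after applying: the deny rule should appear above your first allow rule, and `ipfw table 10 list` should print exactly the validated entries. If the generator refuses the file, fix the offending line rather than loosening the check; a single bad token is the difference between blocking one host and blocking the whole Internet.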