Date: Sun, 18 Jan 2009 20:28:19 +0100
From: Miroslav Lachman <000.fbsd@quip.cz>
To: infos@dnswatch.com
Cc: freebsd-pf@freebsd.org
Subject: Re: basic rule request - allow_all/block_bad
Message-ID: <497382D3.8040408@quip.cz>
In-Reply-To: <59e0bfe9193784283b7c7aaa2d958ad7.dnswclient@webmail.dnswatch.com>
References: <59e0bfe9193784283b7c7aaa2d958ad7.dnswclient@webmail.dnswatch.com>
infos@dnswatch.com wrote:
> Greetings,
> I know very little about creating an initial pf.conf.
> I know /very/ /much/ that I want/need PF, and will need a fair amount
> of time to "tune" pf to work optimally for each server.
> BUT, in an effort to get started, I'm hoping that some kind soul will
> provide me with a very basic pf.conf that will not interrupt the
> current application/server block policies I already have in place -
> which is to say; I currently block at the application/server, but hope
> to merge (transfer) them to PF. So, can anyone share a pf.conf that will
> allow all, but block ALL_EVIL_IP requests on ALL ports?
> In other words, if I only wanted to block (drop) ALL traffic coming from a
> /single/ IP address, how would I do it?
> I have one (active) NIC in each of my servers, and there are anywhere from 3
> to 12 IPs aliased to them above and beyond the IP assigned to the host
> itself. All addresses are fully qualified, internet-routable addresses
> (no internal/private IPs).

If you really need to block one IP, you can use the following simple ruleset:

  block in quick from 10.20.30.40 to any
  pass all

If you need to block more than one address, or you need easy manipulation of a list of addresses, you can use tables in the ruleset:

  table <badguys> persist file "/etc/pf.badguys.table"
  block in quick from <badguys> to any
  pass all

You can put IPs into the persistent file /etc/pf.badguys.table; these IPs will be loaded at boot time.
You can add / remove addresses on the fly with the pfctl command:

  pfctl -t badguys -T add 10.11.12.13
  pfctl -t badguys -T delete 10.11.12.13

Miroslav Lachman
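The reply above leaves one gap that bites in practice: `pfctl -T add` changes the kernel table only, so an address added on the fly is lost at the next reboot unless the persistent file is updated too, and a typo in that file breaks `pfctl -f` for the whole ruleset. The script below is an added example (not from this mail or from the FreeBSD project) that keeps the file and the live table in step: it validates an IPv4 address or CIDR prefix, appends or removes it in the persistent file without duplicates, and then reloads the kernel table from the file with `pfctl -T replace -f`. It assumes the table is named `badguys` as in the reply, takes the file path as a parameter rather than hard-coding `/etc/pf.badguys.table`, only calls `pfctl` when it exists and the script runs as root (so it can be exercised on any POSIX shell), and all addresses in the demonstration are constructed sample values.

```shell
#!/bin/sh
# Added example: maintain the file behind
#   table <badguys> persist file "/etc/pf.badguys.table"
# and push changes to the live kernel table. Not part of the original mail.
# Assumptions: table name "badguys"; file path given as $1; IPv4 only
# (pf tables also take IPv6, which this validator does not cover).

# Return 0 if $1 is a dotted-quad IPv4 address, optionally with /prefix.
pf_valid_addr() {
    addr=${1%/*}
    if [ "$addr" != "$1" ]; then            # a prefix length is present
        mask=${1#*/}
        case $mask in ''|*[!0-9]*) return 1 ;; esac
        [ "$mask" -le 32 ] || return 1
    fi
    oldifs=$IFS; IFS=.
    set -f; set -- $addr; set +f            # split on dots, no globbing
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Number of entries currently in table file $1.
pf_table_count() {
    wc -l < "$1" | tr -d ' '
}

# Reload the kernel table from file $1 when pfctl is usable; otherwise just
# report, so the file can be prepared and tested on a non-pf host.
pf_sync_table() {
    if command -v pfctl >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
        pfctl -t badguys -T replace -f "$1"
    else
        echo "pfctl not run; $1 now holds $(pf_table_count "$1") entries" >&2
    fi
}

# Add address $2 to table file $1 (validated, idempotent) and sync.
pf_table_add() {
    file=$1; ip=$2
    pf_valid_addr "$ip" || { echo "rejected: $ip" >&2; return 1; }
    [ -f "$file" ] || : > "$file"
    if grep -qxF "$ip" "$file"; then
        return 0                             # already listed
    fi
    printf '%s\n' "$ip" >> "$file"
    pf_sync_table "$file"
}

# Remove address $2 from table file $1 and sync.
pf_table_del() {
    file=$1; ip=$2
    [ -f "$file" ] || return 0
    tmp=$(mktemp) || return 1
    # grep -v exits 1 when no lines remain; that is not an error here
    grep -vxF "$ip" "$file" > "$tmp" || [ $? -eq 1 ]
    mv "$tmp" "$file"
    pf_sync_table "$file"
}

# Demonstration on a constructed temporary file (real use: /etc/pf.badguys.table).
demo_file=$(mktemp)
pf_table_add "$demo_file" 10.11.12.13
pf_table_add "$demo_file" 10.11.12.13       # duplicate: ignored
pf_table_add "$demo_file" 192.0.2.0/24      # whole prefix, as pf tables allow
pf_table_add "$demo_file" 300.1.1.1 || :    # invalid octet: rejected
pf_table_del "$demo_file" 10.11.12.13
cat "$demo_file"                            # 192.0.2.0/24
rm -f "$demo_file"
```

Using `-T replace -f` rather than a second `-T add` keeps the kernel table an exact mirror of the file, so a stale entry cannot survive in one but not the other; the only side effect is that state entries for addresses dropped from the table stay until they expire or are flushed, which is the same as with `-T delete` in the reply.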
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?497382D3.8040408>
