From owner-freebsd-security  Thu Jul 19  5:58: 8 2001
Delivered-To: freebsd-security@freebsd.org
Received: from euromedia.pl (trinity.euromedia.pl [62.233.132.2])
	by hub.freebsd.org (Postfix) with SMTP id EB70337B403
	for <freebsd-security@FreeBSD.ORG>; Thu, 19 Jul 2001 05:58:03 -0700 (PDT)
	(envelope-from rafal@euromedia.pl)
Received: (qmail 24135 invoked by uid 85); 19 Jul 2001 12:57:56 -0000
Received: from rafal@euromedia.pl by trinity.euromedia.pl with qmail-scanner-0.96 (uvscan: v4.1.40/v4142. . Clean. Processed in 0.241561 secs); 19 Jul 2001 12:57:56 -0000
Received: from rafal.euromedia.pl (HELO euromedia.pl) (62.233.132.8)
  by em.pl with SMTP; 19 Jul 2001 12:57:56 -0000
Message-ID: <3B56DA04.41D50B15@euromedia.pl>
Date: Thu, 19 Jul 2001 15:00:52 +0200
From: =?iso-8859-2?Q?Rafa=B3?= Banaszkiewicz <rafal@euromedia.pl>
Organization: emedia sp. z o.o.
X-Mailer: Mozilla 4.77 [en] (Win98; U)
X-Accept-Language: pl,en
MIME-Version: 1.0
To: default013 - subscriptions <default013subscriptions@hotmail.com>,
	freebsd-security@FreeBSD.ORG
Subject: Re: blocking I.P. addresses/ranges
References: <OE6369RKLpgTFur2iz20000025c@hotmail.com>
Content-Type: text/plain; charset=iso-8859-2
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

default013 - subscriptions wrote:
> 
> Hello,
> 
> I know there is a way to block I.P. addresses/I.P. ranges in Linux by using
> something like 'route add 24.198.54.0 deny' etc... I assume that there must
> be a similar way to do this in FreeBSD... Is anyone familiar with this? How
> would I do it?
> 

	I think You should use ipfw or ipfilter to do this, in example:

# ipfw add deny log all from 192.0.2.0/24 to any via ed0

Connections with source address (any protocol) from subnet 192.0.2.0/24
will be filtered via interface ed0.

Regards,
-- 
// Rafal Banaszkiewicz, ircnet: RaFau, mailto: rafal[at]rafcio.net
//  nic hdl: RB5860-RIPE, 6bone-hdl: RB6-6BONE, ICQ uin: 35053919
//   workphone: +48815382348 int. 21, homepage: http://1055491093

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message