Date: Thu, 19 Jul 2001 12:13:19 -0400 (EDT) From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> To: Walter Hop <walter@binity.com> Cc: "default013 - subscriptions" <default013subscriptions@hotmail.com>, freebsd-security@FreeBSD.ORG Subject: Re: blocking I.P. addresses/ranges Message-ID: <200107191613.f6JGDJq08938@khavrinen.lcs.mit.edu> In-Reply-To: <4723040991.20010719145335@binity.com> References: <OE6369RKLpgTFur2iz20000025c@hotmail.com> <4723040991.20010719145335@binity.com>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Thu, 19 Jul 2001 14:53:35 +0200, Walter Hop <walter@binity.com> said: > [in reply to default013subscriptions@hotmail.com, 19-07-2001] >> I know there is a way to block I.P. addresses/I.P. ranges in Linux by using >> something like 'route add 24.198.54.0 deny' etc... I assume that there must >> be a similar way to do this in FreeBSD... > In FreeBSD, you can do this for instance with the ``ipfw'' tool. Or, without recourse to the packet-filtering code, using: route add -net aa.bb.cc.dd -netmask (some mask) -interface lo0 -reject However, there is an important caveat to doing this: adding such a route does not prevent the other party from sending packets to you; it only prevents your machine from responding. Thus, it does not help against those attacks which do not require a response. -GAWollman To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200107191613.f6JGDJq08938>