From owner-freebsd-questions@freebsd.org Mon Feb 17 22:43:33 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 1B149249466 for ; Mon, 17 Feb 2020 22:43:33 +0000 (UTC) (envelope-from tundra@tundraware.com) Received: from oceanview.tundraware.com (oceanview.tundraware.com [45.55.60.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mailman.tundraware.com", Issuer "mailman.tundraware.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 48LzXz5dyRz4Rf5 for ; Mon, 17 Feb 2020 22:43:31 +0000 (UTC) (envelope-from tundra@tundraware.com) Received: from [192.168.0.2] (ozzie.tundraware.com [75.145.138.73]) (authenticated bits=0) by oceanview.tundraware.com (8.15.2/8.15.2) with ESMTPSA id 01HMgCEP009405 (version=TLSv1.2 cipher=AES128-SHA bits=128 verify=NO) for ; Mon, 17 Feb 2020 16:42:12 -0600 (CST) (envelope-from tundra@tundraware.com) Subject: Re: Blacklist IP file for IPFW? To: FreeBSD Mailing List References: <9585fce4-b48d-a210-d62f-a2100c0cf929@tundraware.com> From: Tim Daneliuk Openpgp: preference=signencrypt Autocrypt: addr=tundra@tundraware.com; prefer-encrypt=mutual; keydata= mQINBFlVgYoBEADIYD9W4mbKz5cEleX923hagDWkxyJl4kRiMJnz+dNAH71MItSdErMb0cFt CPxVncb4dR4R2ec0c0MjPcgVINNtbY1DMWsF7t31TKD8NG9ZjLqF6fZDFjgkRejqHytgjmCI UejrMSCf0UJsLtg+I3N1ZVVxd7ALj2bCvC/uc5S7j+YbNnhQvSoBbdFj/xOTjyOGGpk7WfB7 e42PGKq1NSgnI7tcY6HSaSH+LHeoc0yUpBb5A1ge+RhR1N9JTniEFe0qvOBi+HgUltEoxsk4 xb6IhpkDOTsxHvEg5h0ukfl8kG9cu+LrEBqwPaC8lPw3UmoTEAU+lXHanPE12JCF/54EtVCc rb4W0vqgGmLJzn5dRU/fWkar0FKPq4eoV0XMbGZKIC6pWQnMEsxEMpNvh7oefK6Kyn+LO+59 +sNYHbv1RImDJccmfHTOA6/jHdwOcnYy37U8UF7e+mGrwNs8GsMQx2AaQbR6VErakH3GBgft bMFOGQxiaRBkbzba7BZCQ060yhiC3/Mb/xHoVi7PBEmKig1SErTMA7Fh3CYPYIRDphNs6OSr tf9O4hbzUAsjbU3rxOfiWQjP3fSOM0KUBj4wpIWZlMrjAGnMIz2wHb211wsBiLqSaGiiO1LR 7RrcvbIFZvHQHiWe2tdRyuH3N/h7A316yoLfx+yy1gyP5weWsQARAQABtCRUaW0gRGFuZWxp dWsgPHR1bmRyYUB0dW5kcmF3YXJlLmNvbT6JAjcEEwEIACEFAllVgYoCGyMFCwkIBwIGFQgJ CgsCBBYCAwECHgECF4AACgkQdoOXo5EJFKntcA/9F9ags9Ik5C49N39iRq+yqBdn/Lr75rqv +Yg7JkjeVlwHpnQt1S6orTC7EaJc+AqY3szCEmhfuT0+E96Bw2k+G/XRnaedZ9SHSdImlmq0 RmOFpWLr67ScvlA9YG1tyR+QYraEFqK5EB6qhOWRJoz1BYtAAntK9b9gUTXt/277sT7lAWaj oPi4CDd4DofHc4E9VRsniMQNMLCWqc/ygAK07cWbK2Rh90tS2C4nK6OHFkNkK94zDilfxod1 NBFTUPPYfEU2CSa3eLlpfhYY3/2X7zNvmmCt+chHUnAhQLhldQ3WlqmTKP+ZK9LX002/bY1O M8Zk76WyA/A3EfsIUbnXBQvFyjwX6W4QEytlZWtp/yRIe64JOa3dZ8rkhragb2N4VgVLBVe3 jtZgfQ72pHrfNk/T0uT+hjFqInvIYiXkhxB2GiD7Ga28VuXojTmeoaW3GKcvoVxONSju7WzD XgyxWRmNpd5uifJcC3YU3tNNAosnQ0/5FW4wkducSEVwwqnAiSMQEMDDa/e6oP6GyOzes5SV LTNCRYdHWVKbxjetYU4SKm5RdLx9XuJo0qL9vO97mCNwdNkTM7gO2ycQ49qUiGbCZJOh2gpP ZRFrpJDxbloosAfOEB6IYjhb38u6jvbScJKK3bWA+a8TK4SrQpdRd1cAnW9sA8jCTV8ejZq0 CHm5Ag0EWVWBigEQAJYuihAOOOe/kAn045Ayn+3is3S+6eV4IAgL6lJhoChkgUJJuFoRX9BY rd35z29+q2/UCoProzd4Mk66wXeWv6n4s5R79OUzjgMLCTVlVaMy4gjPL9NRDwMt7KYRF56g mnoKZwfPDi/oJ5toPPboW94FrMwonqbdqYM2Pyi/HPMe4e396WQ4TaA1CdhyzKHoFSpkGcjX zIQ5yQ5aaGS7wonRu/pg15dbu+8QOgxRNFa0bO+ntz/30u+VmxFqFVbExjuy3Or8fSBhJgx4 cfyrrunKLclpZ/52VeK3l53yWYpR8RaTZfzpu8Ih+ijAY4XLO5F8P1T6sEviMaTY2F0sbFRx ZJXsgFpiKeWPHUn7/LX7qcoFJYoFqG6b3n5km+qy39x6lMgJDuxKpeN6lYj//LB6xVzn0JI+ 4ZHPrEkFqxu8VkL7deCPTI67ZJik18jXjTH9sha1YBvgvxIPFMA7ZwXX2AwNu7PzdcCpWarS usOAHbjQBUsQ+ZPpI1oeFnsCPZ+8/mMcTjVRZyJxOPs3KnXZv2cXNuaa7lwkWS366gHzQI7O l6WdC8TyNjiOzR654cL8BgYQ/xNSW1vTXqPWSRU8/b/5IueY2tQJh0CKIvfoP0rk8976wa1R 8SRi08mwHX7+F5oSeXLRNHicQGpS1f0DywdRcQ0MFHyq/CV4dTltABEBAAGJAh8EGAEIAAkF AllVgYoCGwwACgkQdoOXo5EJFKkDNw//c8nailIVOV72l7Lze+2AuK9MYUCFb1i4qI1WTnG0 OHQlCAltPhdwZPAozJw/eNqIcuWQh8rZspve9ipj589wLSsVyaFRsuYXTiYZ9RlRsnJYa36h 2JML3ZGrRsSxaUEAggbiOKbwmw27JuOIPmC3Gln4tJuZ+nw6cfCgMI45bIzinVanxHwPLeLp BZKpaEYzAwtBykUfAXn3jDwrI95UlMJvhHDFuRgvb6uSyJIqmp5aR/BjnlSdEwICyWpRAVSt yqZeBMeHbCr1B97PIRzk/q0eHm9T+AoiZWwz1iVGGgkYdAaCfs2PBlNHmRm93cfgoEcaGvNb RbTXOe28niMJeYMQsnjOTy5AQIrhVKeP5E+qVs/oPK/inmLiTbjZcnrO2wR+uxpPGgmR6M/3 p8qyRdaOvT87HZXO+Wr+r9A4UnwhCPsfELwPlEo+TJQ/oE71Mlkx/ddQCWELcHjXrQF9YbzA Ml7g0zTkgHysh4DNkV5iYteOcmCwsWdOwn0H0yZfz6weyr8nEdPngyOjFNKMIpcTbeg8866c GxXAJj46dub4VdVwfvMRHfmmRJkjdId7YHWMgz2Kf7S7KPCROLis7WjlOdSS0q2m/7qy9WL/ ZW50YLS8ZZLMrnari5JxCyJX+8n6ZASo2AA93iTbKmYegK2LDwW1QLU1iAF3GyGOnSE= Message-ID: Date: Mon, 17 Feb 2020 16:42:06 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.2 (oceanview.tundraware.com [45.55.60.57]); Mon, 17 Feb 2020 16:42:12 -0600 (CST) X-TundraWare-MailScanner-Information: Please contact the ISP for more information X-TundraWare-MailScanner-ID: 01HMgCEP009405 X-TundraWare-MailScanner: Found to be clean X-TundraWare-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (not cached, timed out) X-TundraWare-MailScanner-From: tundra@tundraware.com X-Spam-Status: No X-Rspamd-Queue-Id: 48LzXz5dyRz4Rf5 X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of tundra@tundraware.com designates 45.55.60.57 as permitted sender) smtp.mailfrom=tundra@tundraware.com X-Spamd-Result: default: False [0.83 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+a]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; MIME_TRACE(0.00)[0:+]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; NEURAL_SPAM_MEDIUM(0.44)[0.442,0]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.94)[-0.945,0]; DMARC_NA(0.00)[tundraware.com]; TO_DN_ALL(0.00)[]; IP_SCORE(0.64)[ip: (-2.05), ipnet: 45.55.32.0/19(3.82), asn: 14061(1.47), country: US(-0.05)]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; ASN(0.00)[asn:14061, ipnet:45.55.32.0/19, country:US]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Feb 2020 22:43:33 -0000 On 2/17/20 10:47 AM, Andreas X wrote: > Hi again, > > The rule:  "65500   0     0 deny ip from table(10) to any"  was almost the last rule and I suspected it, therefore I wanted to move the rule upper, changed the command: > > ${FWCMD} 00350 add deny all from table\(10\) to any > > (adding rule number 00350), now ipfw successfully blocks the IPs in the table.  > My question is, why it didn't block the IPs when it had rule number 65500? (It might be the last rules, but still, it has "deny" command..shouldn't it do the job?) > > Thank you. I'm not sure, but you're using two different rules: deny ip from table(10) to any vs. add deny all from table\(10\) to any For sure, the first form is broken because you have to escape the parenthesis. Also, you 1st rule only blocks IP traffic, not ICMP like ping (I think, not sure). Any ipfw experts care to weigh in on this? -- ---------------------------------------------------------------------------- Tim Daneliuk tundra@tundraware.com PGP Key: http://www.tundraware.com/PGP/