From owner-freebsd-ipfw@FreeBSD.ORG Tue Aug 24 16:17:44 2004
From: Chris
Date: Tue, 24 Aug 2004 11:17:39 -0500
To: FreeBSD - ipfw
Subject: Denying multiple IP's
Message-ID: <412B6A23.1000708@makeworld.com>
List-Id: IPFW Technical Discussions

I'm working with a friend of mine with ipfw. Below are IPs that are trying to hack in via ssh.
I suggested using something in the form of:

# Allow in SFTP, SSH, and SCP from public Internet
${fwcmd} add 090 pass log tcp from xxx.xxx.xxx.xxx/29 to ${ip} 22 setup limit src-addr 4

But he mentions that he needs access to his box from potential client sites where the IP is unknown. There has to be a better way to block the below - suggestions?

#
# IPs that seem to want to get in REALLY bad... deny all tcp/udp from IPs.
#
${fwcmd} add 300 deny tcp from 24.79.68.179 to any
${fwcmd} add 301 deny udp from 24.79.68.179 to any
${fwcmd} add 302 deny tcp from 64.246.20.123 to any
${fwcmd} add 303 deny udp from 64.246.20.123 to any
${fwcmd} add 304 deny tcp from 81.223.99.90 to any
${fwcmd} add 305 deny udp from 81.223.99.90 to any
${fwcmd} add 306 deny tcp from 140.112.124.123 to any
${fwcmd} add 307 deny udp from 140.112.124.123 to any
${fwcmd} add 308 deny tcp from 193.145.87.3 to any
${fwcmd} add 309 deny udp from 193.145.87.3 to any
${fwcmd} add 310 deny tcp from 203.186.157.37 to any
${fwcmd} add 311 deny udp from 203.186.157.37 to any
${fwcmd} add 312 deny tcp from 210.204.129.11 to any
${fwcmd} add 313 deny udp from 210.204.129.11 to any
${fwcmd} add 314 deny tcp from 211.60.219.250 to any
${fwcmd} add 315 deny udp from 211.60.219.250 to any
${fwcmd} add 316 deny tcp from 211.252.9.126 to any
${fwcmd} add 317 deny udp from 211.252.9.126 to any
${fwcmd} add 318 deny tcp from 218.21.129.105 to any
${fwcmd} add 319 deny udp from 218.21.129.105 to any
${fwcmd} add 320 deny tcp from 218.49.183.17 to any
${fwcmd} add 321 deny udp from 218.49.183.17 to any
${fwcmd} add 322 deny tcp from 218.102.19.78 to any
${fwcmd} add 323 deny udp from 218.102.19.78 to any
${fwcmd} add 324 deny tcp from 218.237.66.152 to any
${fwcmd} add 325 deny udp from 218.237.66.152 to any
${fwcmd} add 326 deny tcp from 221.3.131.80 to any
${fwcmd} add 327 deny udp from 221.3.131.80 to any

# Everything else is denied by default

-- 
Best regards,
Chris

The one time in the day that you lean back and relax is the one time the boss walks through the office.
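The compact alternative the post is asking about, as an added example that is not Chris's own configuration: load the blocked addresses into one ipfw table and deny them with a single rule instead of a tcp/udp pair per host. It assumes an ipfw with table support; FWCMD, TABLE, RULENUM and the sample list (which includes one deliberately malformed entry) are constructed here.

```shell
#!/bin/sh
# Added example: turn a list of source addresses into ipfw table loads plus
# one deny rule. It only prints the commands, so the output can be reviewed
# before it is piped to sh on the firewall. FWCMD/TABLE/RULENUM are
# placeholders chosen for this example, not values from the original post.

FWCMD="${FWCMD:-/sbin/ipfw}"
TABLE="${TABLE:-1}"
RULENUM="${RULENUM:-300}"

# Constructed sample list: a few addresses from the post plus a junk line,
# to show that malformed entries are skipped rather than loaded.
BLOCKLIST='24.79.68.179
64.246.20.123
81.223.99.90
not-an-address
140.112.124.123'

# valid_ipv4 ADDR: succeed only for four dotted decimal octets in 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++)
                      if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
                  exit 0 }
        { exit 1 }'
}

# gen_blocklist_rules: read one address per line on stdin, print the ipfw
# commands on stdout. Invalid lines are reported on stderr and dropped.
gen_blocklist_rules() {
    printf '%s table %s flush\n' "$FWCMD" "$TABLE"
    while IFS= read -r addr; do
        [ -n "$addr" ] || continue
        if valid_ipv4 "$addr"; then
            printf '%s table %s add %s\n' "$FWCMD" "$TABLE" "$addr"
        else
            printf 'skipping invalid entry: %s\n' "$addr" >&2
        fi
    done
    # "ip" matches tcp, udp and everything else from the listed hosts;
    # the parentheses are quoted so the printed line is valid shell.
    printf '%s add %s deny log ip from "table(%s)" to any\n' \
        "$FWCMD" "$RULENUM" "$TABLE"
}

# count_table_adds: number of table entries a list on stdin would load.
count_table_adds() {
    gen_blocklist_rules 2>/dev/null | grep -c " table $TABLE add "
}
```

Adding a newly seen host then becomes a single `ipfw table 1 add <addr>` with no rule renumbering, and removing one is the matching `table 1 delete`.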