Date: Tue, 18 Feb 2020 08:34:34 +0100 (CET) From: =?UTF-8?Q?Trond_Endrest=C3=B8l?= <trond.endrestol@ximalas.info> To: Tim Daneliuk <tundra@tundraware.com> Cc: FreeBSD Mailing List <freebsd-questions@freebsd.org> Subject: Re: Blacklist IP file for IPFW? Message-ID: <alpine.BSF.2.22.395.2002180821310.6036@enterprise.ximalas.info> In-Reply-To: <e3aa5e53-606b-7ad4-b529-5891cf509fbf@tundraware.com> References: <CAEW8WPsMvq7bdAQ4cu=RYZQ=PfXMmbUUQ-yi_0qUAjt-nWTf=Q@mail.gmail.com> <9585fce4-b48d-a210-d62f-a2100c0cf929@tundraware.com> <CAEW8WPunc9%2B-7qybkrnDep3R08ApgjBkA2n=fi%2ByU8psTJRkNg@mail.gmail.com> <CAEW8WPtqeFDahGMN8h4qijXe6oug7H6uEyG2hTuqs53G2K98eA@mail.gmail.com> <e3aa5e53-606b-7ad4-b529-5891cf509fbf@tundraware.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 17 Feb 2020 16:42-0600, Tim Daneliuk wrote:
> On 2/17/20 10:47 AM, Andreas X wrote:
> > Hi again,
> >
> > The rule: "65500 0 0 deny ip from table(10) to any" was almost the last rule and I suspected it, therefore I wanted to move the rule upper, changed the command:
> >
> > ${FWCMD} 00350 add deny all from table\(10\) to any
> >
> > (adding rule number 00350), now ipfw successfully blocks the IPs in the table.
> > My question is, why it didn't block the IPs when it had rule number 65500? (It might be the last rules, but still, it has "deny" command..shouldn't it do the job?)
> >
> > Thank you.
>
> I'm not sure, but you're using two different rules:
>
> deny ip from table(10) to any
>
> vs.
>
> add deny all from table\(10\) to any
>
> For sure, the first form is broken because you have to escape the parenthesis.
True.
> Also, you 1st rule only blocks IP traffic, not ICMP like ping (I think, not sure).
"ip" or "all" matches both IPv4 and IPv6, regardless of the protocols
higher up. Thus, these two rules are equivalent:
deny all from table\(10\) to any
deny ip from table\(10\) to any
Escaping the parenthesis is still required.
> Any ipfw experts care to weigh in on this?
ipfw(8) sure is handy.
--
Trond.
From owner-freebsd-questions@freebsd.org Tue Feb 18 09:20:14 2020
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
by mailman.nyi.freebsd.org (Postfix) with ESMTP id 010D32597E4
for <freebsd-questions@mailman.nyi.freebsd.org>;
Tue, 18 Feb 2020 09:20:14 +0000 (UTC)
(envelope-from 4250.10.freebsd-questions=freebsd.org@email-od.com)
Received: from s1-b0c6.socketlabs.email-od.com
(s1-b0c6.socketlabs.email-od.com [142.0.176.198])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mx1.freebsd.org (Postfix) with ESMTPS id 48MFgd08Hlz4GJF
for <freebsd-questions@freebsd.org>; Tue, 18 Feb 2020 09:20:12 +0000 (UTC)
(envelope-from 4250.10.freebsd-questions=freebsd.org@email-od.com)
DKIM-Signature: v=1; a=rsa-sha256; d=email-od.com;i=@email-od.com;s=dkim;
c=relaxed/relaxed; q=dns/txt; t=1582017613; x=1584609613;
h=content-transfer-encoding:content-type:mime-version:references:in-reply-to:message-id:subject:cc:to:from:date:x-thread-info;
bh=D3UVGxC9v1aF4cYqlsNFjykT0vrA8sAj49SSadnj1p8=;
b=Q8sLvYhXruEsaECWVyIIjHTJ252ph+GLhO0ZMNhAHIoDfxS5POsqwDkg9RkHK3Nbwm9NGf0ci4VrJ40Jg9SCpYVIyRxJiAK67MM1lCUfidiHjBbDQxc+mPg2kXWBEM++wuYvp3VUYsylFlfwliaZBp3Rjr7/UnRvfDZ/M1qLuAw=
X-Thread-Info: NDI1MC4xMi43NDAwMDAwMDg4Yjc5NC5mcmVlYnNkLXF1ZXN0aW9ucz1mcmVlYnNkLm9yZw==
Received: from r3.us-east-2.aws.in.socketlabs.com
(r3.us-east-2.aws.in.socketlabs.com [142.0.189.3]) by mxsg2.email-od.com
with ESMTP(version=Tls12 cipher=Aes256 bits=256);
Tue, 18 Feb 2020 04:20:02 -0500
Received: from smtp.lan.sohara.org (EMTPY [185.202.17.215]) by
r3.us-east-2.aws.in.socketlabs.com
with ESMTP(version=Tls12 cipher=Aes256 bits=256);
Tue, 18 Feb 2020 04:20:01 -0500
Received: from [192.168.63.1] (helo=steve.lan.sohara.org)
by smtp.lan.sohara.org with smtp (Exim 4.92.3 (FreeBSD))
(envelope-from <steve@sohara.org>)
id 1j3z2t-0005TR-N4; Tue, 18 Feb 2020 09:19:59 +0000
Date: Tue, 18 Feb 2020 09:19:59 +0000
From: Steve O'Hara-Smith <steve@sohara.org>
To: Tomasz CEDRO <tomek@cedro.info>
Cc: FreeBSD Questions Mailing List <freebsd-questions@freebsd.org>, FreeBSD
Stable <freebsd-stable@freebsd.org>
Subject: Re: [FreeBSD-Announce] FreeBSD 12.0 end-of-life
Message-Id: <20200218091959.b0220ac75bcfbbced91a5708@sohara.org>
In-Reply-To: <CAFYkXjmZi1-MB6W0HsMx9gHek7Xg5heoSKKWkNTnw74dxRTwAw@mail.gmail.com>
References: <20200217231452.717FA1E820@freefall.freebsd.org>
<CAFYkXjmZi1-MB6W0HsMx9gHek7Xg5heoSKKWkNTnw74dxRTwAw@mail.gmail.com>
X-Mailer: Sylpheed 3.7.0 (GTK+ 2.24.32; amd64-portbld-freebsd12.0)
X-Clacks-Overhead: "GNU Terry Pratchett"
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Rspamd-Queue-Id: 48MFgd08Hlz4GJF
X-Spamd-Bar: -
Authentication-Results: mx1.freebsd.org;
dkim=pass header.d=email-od.com header.s=dkim header.b=Q8sLvYhX;
dmarc=none; spf=pass (mx1.freebsd.org: domain of
4250.10.freebsd-questions=freebsd.org@email-od.com designates 142.0.176.198
as permitted sender)
smtp.mailfrom=4250.10.freebsd-questions=freebsd.org@email-od.com
X-Spamd-Result: default: False [-1.89 / 15.00]; ARC_NA(0.00)[];
NEURAL_HAM_MEDIUM(-0.99)[-0.987,0];
R_DKIM_ALLOW(-0.20)[email-od.com:s=dkim]; FROM_HAS_DN(0.00)[];
RCPT_COUNT_THREE(0.00)[3];
R_SPF_ALLOW(-0.20)[+ip4:142.0.176.0/20]; MV_CASE(0.50)[];
MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[sohara.org];
FORGED_SENDER_VERP_SRS(0.00)[];
NEURAL_HAM_LONG(-1.00)[-0.999,0]; RCVD_COUNT_THREE(0.00)[4];
TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[];
DKIM_TRACE(0.00)[email-od.com:+];
RCVD_IN_DNSWL_NONE(0.00)[198.176.0.142.list.dnswl.org : 127.0.15.0];
ENVFROM_VERP(0.00)[];
IP_SCORE(0.09)[ip: (-0.25), ipnet: 142.0.176.0/22(0.52), asn: 7381(0.26),
country: US(-0.05)];
FORGED_SENDER(0.00)[steve@sohara.org,4250.10.freebsd-questions=freebsd.org@email-od.com];
MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[];
ASN(0.00)[asn:7381, ipnet:142.0.176.0/22, country:US];
FROM_NEQ_ENVFROM(0.00)[steve@sohara.org,4250.10.freebsd-questions=freebsd.org@email-od.com];
MID_RHS_MATCH_FROM(0.00)[]
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>,
<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>;
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Feb 2020 09:20:14 -0000
On Tue, 18 Feb 2020 04:23:35 +0100
Tomasz CEDRO <tomek@cedro.info> wrote:
> Why so short End-Of-Life? Why so many fast and short releases? What for?
The new(ish) release and support policy has been announced and well
documented, this should come as no surprise to anyone.
--
Steve O'Hara-Smith <steve@sohara.org>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.22.395.2002180821310.6036>