From owner-freebsd-questions@freebsd.org Tue Feb 18 07:34:50 2020
Date: Tue, 18 Feb 2020 08:34:34 +0100 (CET)
From: Trond Endrestøl
To: Tim Daneliuk
cc: FreeBSD Mailing List
Subject: Re: Blacklist IP file for IPFW?

On Mon, 17 Feb 2020 16:42-0600, Tim Daneliuk wrote:

> On 2/17/20 10:47 AM, Andreas X wrote:
> > Hi again,
> >
> > The rule:  "65500   0     0 deny ip from table(10) to any"  was almost the last rule and I suspected it, therefore I wanted to move the rule upper, changed the command:
> >
> > ${FWCMD} 00350 add deny all from table\(10\) to any
> >
> > (adding rule number 00350), now ipfw successfully blocks the IPs in the table.
> > My question is, why it didn't block the IPs when it had rule number 65500? (It might be the last rules, but still, it has "deny" command..shouldn't it do the job?)
> >
> > Thank you.
>
> I'm not sure, but you're using two different rules:
>
> deny ip from table(10) to any
>
> vs.
>
> add deny all from table\(10\) to any
>
> For sure, the first form is broken because you have to escape the parenthesis.

True.

> Also, your 1st rule only blocks IP traffic, not ICMP like ping (I think, not sure).

"ip" or "all" matches both IPv4 and IPv6, regardless of the protocols higher up. Thus, these two rules are equivalent:

deny all from table\(10\) to any
deny ip from table\(10\) to any

Escaping the parenthesis is still required.

> Any ipfw experts care to weigh in on this?

ipfw(8) sure is handy.

-- 
Trond.
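
Added example, not part of either message in this archive: a small sh model of ipfw's first-match evaluation, showing one way a deny rule numbered 65500 can go unused while the same rule at 00350 blocks, and why table\(10\) needs its backslashes in a shell script. The earlier "allow any" rule, the table contents and the helper names (add_rule, verdict, ruleset_late, ruleset_early) are assumptions made for illustration; the poster's real ruleset is not shown in the thread.

```shell
#!/bin/sh
# Constructed model of ipfw's first-match evaluation; it never calls ipfw.
# The table contents and every rule below are made-up sample data.
TABLE10="203.0.113.7 198.51.100.23"

in_table10() {
    for ip in $TABLE10; do
        [ "$ip" = "$1" ] && return 0
    done
    return 1
}

# add_rule NUM ACTION SRC: append one rule to the list in RULES.
add_rule() {
    RULES="${RULES}$1 $2 $3
"
}

# verdict SRC_IP: scan rules in ascending number order and print
# "NUM ACTION" for the first one whose source matches; later rules
# are never consulted.
verdict() {
    printf '%s' "$RULES" | sort -n | while read -r num action src; do
        case "$src" in
            any) ;;
            'table(10)') in_table10 "$1" || continue ;;
            *) [ "$src" = "$1" ] || continue ;;
        esac
        echo "$num $action"
        break
    done
}

# The backslashes keep sh from parsing "(" and ")"; add_rule receives
# the literal word table(10). Unescaped, the line is a syntax error.
ruleset_late() {    # table rule numbered after a broad allow
    RULES=""
    add_rule 00100 allow 127.0.0.1
    add_rule 01000 allow any
    add_rule 65500 deny table\(10\)
}
ruleset_early() {   # same rules, table rule moved to 00350
    RULES=""
    add_rule 00100 allow 127.0.0.1
    add_rule 00350 deny table\(10\)
    add_rule 01000 allow any
}
ruleset_late;  echo "65500: $(verdict 203.0.113.7)"
ruleset_early; echo "00350: $(verdict 203.0.113.7)"
```

On a live system, `ipfw show` lists per-rule packet counters, so a deny rule whose counters stay at zero while an earlier allow rule's counters grow points to this kind of shadowing.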

From owner-freebsd-questions@freebsd.org Tue Feb 18 09:20:14 2020
Date: Tue, 18 Feb 2020 09:19:59 +0000
From: Steve O'Hara-Smith
To: Tomasz CEDRO
Cc: FreeBSD Questions Mailing List, FreeBSD Stable
Subject: Re: [FreeBSD-Announce] FreeBSD 12.0 end-of-life

On Tue, 18 Feb 2020 04:23:35 +0100
Tomasz CEDRO wrote:

> Why so short End-Of-Life? Why so many fast and short releases? What for?

The new(ish) release and support policy has been announced and well documented, this should come as no surprise to anyone.

-- 
Steve O'Hara-Smith