Date: Mon, 27 Aug 2007 09:54:07 -0500
From: Dan Nelson <dnelson@allantgroup.com>
To: Aminuddin <amin.scg@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: How to block 200K ip addresses?
Message-ID: <20070827145406.GB71842@dan.emsphone.com>
In-Reply-To: <46d27138.07ec720a.0343.ffffbba7@mx.google.com>
References: <20070826061435.GD25055@dan.emsphone.com> <46d27138.07ec720a.0343.ffffbba7@mx.google.com>
In the last episode (Aug 27), Aminuddin said:
> Will give this a try. Since my server is a remote server that I can
> access only by ssh, what other rules do I need to add in? I
> don't want to have a situation where I will lock myself out.

The safest method is to have a serial console configured, so even if you
completely mess up your firewall you can still get to it. Otherwise, add
some rules at the very beginning that permit traffic to/from the server
you are ssh'ing in from, and start off using "count log" rules instead of
"deny", so you can tell which packets are being matched.

> Is it correct to say that the rules that I put in will only block
> those in the rules and allow all that are not in the rules?

ipfw always has a final rule 65536, which is either "allow ip from any to
any" or "deny ip from any to any" depending on whether the kernel option
"IPFIREWALL_DEFAULT_TO_ACCEPT" was set or not.

-- 
Dan Nelson
dnelson@allantgroup.com
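An added example, not part of Dan's message or of FreeBSD itself: a POSIX shell script that generates an ipfw ruleset in the order the reply recommends (admin host permitted first, the blocklist matched with "count log" until the counters look right, then "deny"). It assumes a placeholder ADMIN_HOST for the host you ssh in from, a constructed three-entry blocklist in place of the real 200K-entry file, and holds the list in an ipfw table, which the message above does not mention but is the usual way to match a list of that size with one rule.

```shell
#!/bin/sh
# Added example: build an ipfw ruleset in the order the reply recommends:
# permit the admin host first, then match the blocklist with "count log"
# (switch to "deny" once the counters show only the intended traffic).
# The blocklist goes into an ipfw table; the table is not from the message.

ADMIN_HOST="${ADMIN_HOST:-192.0.2.10}"   # assumed: the host you ssh in from
BLOCK_TABLE=1                            # ipfw table number for the blocklist

# Constructed sample blocklist, one address or CIDR per line
# (in practice, read the 200K-entry file instead).
BLOCKLIST="198.51.100.0/24
203.0.113.7
203.0.113.0/26"

# Print ipfw commands (ipfw file syntax, no leading "ipfw"). $1 is the
# action for the blocklist rule: "count" while testing, "deny" to enforce.
gen_rules() {
    action="${1:-count}"
    # Rules 10/20 come first so that a mistake further down cannot lock
    # out the ssh session we are administering from.
    echo "add 10 allow ip from $ADMIN_HOST to me"
    echo "add 20 allow ip from me to $ADMIN_HOST"
    # Load the list into a table: one rule then matches every entry.
    echo "table $BLOCK_TABLE flush"
    echo "$BLOCKLIST" | while IFS= read -r net; do
        if [ -n "$net" ]; then
            echo "table $BLOCK_TABLE add $net"
        fi
    done
    # "count log" tallies and logs matches without dropping anything;
    # logged matches reach syslog only with net.inet.ip.fw.verbose=1.
    echo "add 100 $action log ip from table($BLOCK_TABLE) to any"
    # Everything else falls through to ipfw's final default rule, whose
    # action depends on IPFIREWALL_DEFAULT_TO_ACCEPT, as the reply notes.
}

# Load the generated rules with ipfw(8). Needs root on FreeBSD; it is
# defined but not called here so the generator can be inspected offline.
apply_rules() {
    tmp=$(mktemp) || return 1
    gen_rules "$1" > "$tmp"
    ipfw -q "$tmp"
    rm -f "$tmp"
}

# Review the ruleset first; then "apply_rules count", and later "apply_rules deny".
gen_rules count
```

Check "ipfw show" after running in count mode: rule 100's packet counter tells you how much traffic the list would drop before any deny is in place.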