From: Andreas X
Date: Tue, 18 Feb 2020 15:45:38 +0300
Subject: Re: Blacklist IP file for IPFW?
To: Trond Endrestøl
Cc: Tim Daneliuk, FreeBSD Mailing List
Thank you all for your replies.

"For sure, the first form is broken because you have to escape the parenthesis."

As I stated earlier, that was just the output of the command:

ipfw show | grep "table"

root@test:~ # ipfw show | grep "table"
00350 17065 1026829 deny ip from table(10) to any

My script blocks the IPs I wanted to, ONLY if I set the rule number to *earlier* numbers, such as:

${FWCMD} 00350 add deny all from table\(10\) to any

Question is: if I don't add the rule number 00350 to that command, that rule gets placed in the 65000s, and ipfw doesn't block the IPs in the table at all. I wanted to ask why it reacts that way; shouldn't IPFW still do the job (deny) even if the rule number belongs to the last ones?

Thank you!

On Tue, 18 Feb 2020 at 10:35, Trond Endrestøl wrote:

> On Mon, 17 Feb 2020 16:42-0600, Tim Daneliuk wrote:
>
> > On 2/17/20 10:47 AM, Andreas X wrote:
> > > Hi again,
> > >
> > > The rule: "65500 0 0 deny ip from table(10) to any" was almost the last rule and I suspected it, therefore I wanted to move the rule higher up and changed the command:
> > >
> > > ${FWCMD} 00350 add deny all from table\(10\) to any
> > >
> > > (adding rule number 00350), now ipfw successfully blocks the IPs in the table.
> > > My question is, why didn't it block the IPs when it had rule number 65500? (It might be among the last rules, but still, it has the "deny" command... shouldn't it do the job?)
> > >
> > > Thank you.
> >
> > I'm not sure, but you're using two different rules:
> >
> > deny ip from table(10) to any
> >
> > vs.
> >
> > add deny all from table\(10\) to any
> >
> > For sure, the first form is broken because you have to escape the parenthesis.
>
> True.
>
> > Also, your 1st rule only blocks IP traffic, not ICMP like ping (I think, not sure).
>
> "ip" or "all" matches both IPv4 and IPv6, regardless of the protocols higher up. Thus, these two rules are equivalent:
>
> deny all from table\(10\) to any
> deny ip from table\(10\) to any
>
> Escaping the parenthesis is still required.
>
> > Any ipfw experts care to weigh in on this?
>
> ipfw(8) sure is handy.
>
> --
> Trond.
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
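A worked example, added for this thread and not code from any of the posts above: a small sh script that loads a blacklist file into ipfw table 10, installs the deny rule with the explicit number 350 (the table and rule numbers are the ones used in the thread, written in the `ipfw add 350 ...` argument order that ipfw(8) documents), plus a check that parses `ipfw show` output to confirm the deny rule is numbered before any catch-all `allow ip from any to any`. The check matters because ipfw stops at the first matching rule, and the stock /etc/rc.firewall "open" rule set ends with `65000 allow ip from any to any`; an unnumbered `ipfw add` appends after the highest existing rule (plus net.inet.ip.fw.autoinc_step, default 100), so it lands behind that allow and never sees a packet. The file name /etc/ipfw.blacklist is a hypothetical assumption, the `ipfw show` samples are constructed to mirror the rule numbers in the thread, and the script assumes FreeBSD 11 or later for `ipfw table ... create`.

```shell
#!/bin/sh
# Added example for this thread (not code from the original posts).
# Assumptions: FreeBSD ipfw(8), 11.x or later; table 10 and rule number 350
# are the values used in the thread; /etc/ipfw.blacklist is a hypothetical
# file with one IPv4/IPv6 address or CIDR per line. Set FWCMD=echo for a
# dry run that only prints the ipfw commands.

FWCMD="${FWCMD:-/sbin/ipfw -q}"
BLACKLIST_TABLE="${BLACKLIST_TABLE:-10}"
BLACKLIST_RULE="${BLACKLIST_RULE:-350}"

# Load the blacklist into the table and install the deny rule with an explicit
# number. Without a number, 'ipfw add' appends after the highest existing rule
# (plus net.inet.ip.fw.autoinc_step, default 100); in a stock rc.firewall
# rule set that is behind "65000 allow ip from any to any", so the deny is
# never evaluated: ipfw stops at the first matching rule.
load_blacklist() {
    file="$1"
    # 'create' fails if the table already exists, so tolerate that and flush.
    $FWCMD table "$BLACKLIST_TABLE" create type addr 2>/dev/null || true
    $FWCMD table "$BLACKLIST_TABLE" flush
    grep -Ev '^[[:space:]]*(#|$)' "$file" | while read -r addr _; do
        $FWCMD table "$BLACKLIST_TABLE" add "$addr"
    done
    # Quoting "table(10)" does the same job as table\(10\): it keeps the
    # shell from parsing the parentheses as a subshell.
    $FWCMD delete "$BLACKLIST_RULE" 2>/dev/null || true
    $FWCMD add "$BLACKLIST_RULE" deny ip from "table($BLACKLIST_TABLE)" to any
}

# Check: reads 'ipfw show' output on stdin and returns 0 only if the first
# "deny ... table(N) ..." rule is numbered lower than the first catch-all
# "allow ip|all from any to any" (or no such catch-all exists at all).
# Field layout of 'ipfw show': num pkts bytes action proto from src to dst
blacklist_reachable() {
    awk -v t="$1" '
        $4 == "deny" && index($0, "table(" t ")") > 0 && !d { d = $1 + 0 }
        $4 == "allow" && ($5 == "ip" || $5 == "all") && $7 == "any" && $9 == "any" && NF == 9 && !a { a = $1 + 0 }
        END { exit !(d && (!a || d < a)) }
    '
}

# Constructed sample of 'ipfw show' output mirroring the thread: the deny
# rule was auto-numbered 65500, behind the 65000 catch-all allow.
SAMPLE_BROKEN='00100 0 0 allow ip from any to any via lo0
65000 12 3456 allow ip from any to any
65500 0 0 deny ip from table(10) to any
65535 0 0 deny ip from any to any'

# Constructed sample after re-adding the deny at 350, as the thread did.
SAMPLE_FIXED='00100 0 0 allow ip from any to any via lo0
00350 17065 1026829 deny ip from table(10) to any
65000 12 3456 allow ip from any to any
65535 0 0 deny ip from any to any'

# check_sample TABLE "SHOW_OUTPUT": wrapper so the check can run on a string.
check_sample() {
    printf '%s\n' "$2" | blacklist_reachable "$1"
}

if check_sample 10 "$SAMPLE_BROKEN"; then
    echo "broken sample: deny reported reachable (unexpected)"
else
    echo "broken sample: deny at 65500 is shadowed by 65000 allow"
fi
if check_sample 10 "$SAMPLE_FIXED"; then
    echo "fixed sample: deny at 350 is evaluated before the catch-all"
fi
```

On a live box, run `load_blacklist /etc/ipfw.blacklist` as root, then `ipfw show | blacklist_reachable 10` as the post-install check; a non-zero exit means the deny sits behind an allow and the counters in `ipfw show` will stay at 0 no matter what is in the table.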