Date: Wed, 29 Sep 2010 08:16:47 -0400
From: Carmel <carmel_ny@hotmail.com>
To: FreeBSD <freebsd-questions@freebsd.org>
Subject: IPFW firewall and TCP ports
Message-ID: <BLU0-SMTP201E6E521042FA57939C8BB93670@phx.gbl>

While perusing my Apache httpd-error.log, I noticed a large number of attempts to access my phpmyadmin directory, as well as a few less known others. Most of these probes originated from China. Since I have no legitimate business dealing with that region, I decided to create a table in my IPFW firewall to block them. This is an example:

## IPFW Firewall Rules

# Set rules command prefix
cmd="ipfw -q add"

# public interface name of NIC facing the public Internet
pif="nfe0"

# Let's start by listing known bad IP addresses and blocking them. We
# will put them into a table for easier handling.

ipfw -q table 1 add 60.0.0.0/8
ipfw -q table 1 add 61.0.0.0/8

$cmd set 1 deny log all from table\(1\) to any in via $pif

The above is the first entry in my "rules" file. I know that IPFW is working since I have blocked other ports for other services and it has worked correctly. The problem is that these IPs are not being blocked. I continue to see them listed in the httpd-error.log. I have rebooted my machine and therefore am quite certain that these rules are being loaded.

The problem is that I probably do not understand how to properly block an IP or range of IPs from accessing my web server correctly. I would really appreciate any assistance.

-- 
Carmel ✌
carmel_ny@hotmail.com
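
Added example, not part of the original message: a check of whether the client addresses behind the phpmyadmin probes in an Apache error log actually fall inside the two networks loaded into table 1. The log lines and the function names `client_ips` and `split_by_table` are constructed for illustration, and only IPv4 clients are handled.

```python
import ipaddress
import re
from collections import Counter

# Networks loaded into table 1 in the message above.
TABLE_1 = [ipaddress.ip_network(n) for n in ("60.0.0.0/8", "61.0.0.0/8")]

# "[client a.b.c.d]" as written by Apache 2.2; Apache 2.4 appends ":port".
CLIENT_RE = re.compile(r"\[client (\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\]")

# Constructed sample lines (addresses and paths are made up for this example).
SAMPLE_LOG = """\
[Wed Sep 29 07:58:01 2010] [error] [client 60.1.2.3] File does not exist: /usr/local/www/data/phpmyadmin
[Wed Sep 29 07:58:02 2010] [error] [client 60.1.2.3] File does not exist: /usr/local/www/data/phpMyAdmin
[Wed Sep 29 07:59:40 2010] [error] [client 61.10.20.30] File does not exist: /usr/local/www/data/phpmyadmin
[Wed Sep 29 08:03:11 2010] [error] [client 203.0.113.7] File does not exist: /usr/local/www/data/phpmyadmin
[Wed Sep 29 08:04:55 2010] [error] [client 60.1.2.3] File does not exist: /usr/local/www/data/favicon.ico
""".splitlines()


def client_ips(lines, needle="phpmyadmin"):
    """Yield the client address of every log line mentioning `needle`."""
    for line in lines:
        if needle.lower() not in line.lower():
            continue
        match = CLIENT_RE.search(line)
        if not match:
            continue
        try:
            yield ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # looks like an address but is not one, e.g. 999.1.1.1


def split_by_table(lines, table=TABLE_1):
    """Count probing clients inside and outside the table's networks."""
    covered, uncovered = Counter(), Counter()
    for ip in client_ips(lines):
        bucket = covered if any(ip in net for net in table) else uncovered
        bucket[str(ip)] += 1
    return covered, uncovered


if __name__ == "__main__":
    covered, uncovered = split_by_table(SAMPLE_LOG)
    print("in table 1:    ", dict(covered))
    print("not in table 1:", dict(uncovered))
```

Clients counted as not in table 1 were never covered by the deny rule. Clients counted as in table 1 that keep appearing after the rules were loaded are the ones to compare against the output of `ipfw table 1 list` and the rule counters in `ipfw show`.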