From owner-freebsd-questions@FreeBSD.ORG Wed Sep 29 12:16:51 2010
Date: Wed, 29 Sep 2010 08:16:47 -0400
From: Carmel
To: FreeBSD
Organization: seibercom.net
Subject: IPFW firewall and TCP ports

While perusing my Apache httpd-error.log, I noticed a large number of attempts to access my phpmyadmin directory, as well as a few less known others. Most of these probes originated from China. Since I have no legitimate business dealing with that region, I decided to create a table in my IPFW firewall to block them. This is an example:

    ## IPFW Firewall Rules
    # Set rules command prefix
    cmd="ipfw -q add"
    # public interface name of NIC facing the public Internet
    pif="nfe0"

    # Let's start by listing known bad IP addresses and blocking them. We
    # will put them into a table for easier handling.
    ipfw -q table 1 add 60.0.0.0/8
    ipfw -q table 1 add 61.0.0.0/8
    $cmd set 1 deny log all from table\(1\) to any in via $pif

The above is the first entry in my "rules" file. I know that IPFW is working since I have blocked other ports for other services and it has worked correctly.

The problem is that these IPs are not being blocked. I continue to see them listed in the httpd-error.log. I have rebooted my machine and therefore am quite certain that these rules are being loaded. The problem is that I probably do not understand how to properly block an IP or range of IPs from accessing my web server correctly. I would really appreciate any assistance.

-- 
Carmel ✌
carmel_ny@hotmail.com
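A diagnostic for the situation described in the message above, added here as an example and not part of the original post: it checks which clients in an Apache error log fall inside the two networks loaded into table 1. The log lines, client addresses and document-root path are constructed samples, and the "[client a.b.c.d]" layout assumes Apache 2.2-style error logs with IPv4 peers.

```python
import ipaddress
import re
from collections import Counter

# Table 1 contents exactly as given in the message.
TABLE_1 = [ipaddress.ip_network(n) for n in ("60.0.0.0/8", "61.0.0.0/8")]

# Assumed log layout: the peer appears as "[client a.b.c.d]" (optionally ":port").
CLIENT_RE = re.compile(r"\[client (\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\]")

# Constructed sample lines; the path and the addresses are illustrative only.
SAMPLE_LOG = """\
[Wed Sep 29 07:58:11 2010] [error] [client 60.10.20.30] File does not exist: /usr/local/www/data/phpmyadmin
[Wed Sep 29 07:58:12 2010] [error] [client 60.10.20.30] File does not exist: /usr/local/www/data/pma
[Wed Sep 29 08:01:40 2010] [error] [client 203.0.113.7] File does not exist: /usr/local/www/data/phpmyadmin
[Wed Sep 29 08:03:02 2010] [notice] caught SIGTERM, shutting down
""".splitlines()


def classify(log_lines, table=TABLE_1):
    """Return (covered, uncovered) hit counts per client address.

    covered:   the address is inside a table network, so a request reaching
               Apache means the deny rule never matched the packet (rule
               order, rule-set state, or the interface named after "via").
    uncovered: the address is outside every table network, so the table
               itself is missing the range.
    """
    covered, uncovered = Counter(), Counter()
    for line in log_lines:
        match = CLIENT_RE.search(line)
        if not match:
            continue  # lines without a client field (notices, startup)
        try:
            addr = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # digits that do not form a valid IPv4 address
        bucket = covered if any(addr in net for net in table) else uncovered
        bucket[str(addr)] += 1
    return covered, uncovered


if __name__ == "__main__":
    hit, missed = classify(SAMPLE_LOG)
    print("in table 1 but still logged:", dict(hit))
    print("not in table 1:", dict(missed))
```

Addresses reported as covered point at the ruleset rather than the table; `ipfw table 1 list`, `ipfw -a list` and `ipfw set show` show the loaded table, the per-rule packet counters and which rule sets are enabled.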