From: Bas Smeelen <b.smeelen@ose.nl>
Date: Wed, 29 Sep 2010 14:51:24 +0200
To: freebsd-questions@freebsd.org
Subject: Re: IPFW firewall and TCP ports

On 09/29/2010 02:16 PM, Carmel wrote:
> While perusing my Apache httpd-error.log, I noticed a large number of
> attempts to access my phpmyadmin directory, as well as a few less known
> others. Most of these probes originated from China. Since I have no
> legitimate business dealing with that region, I decided to create a
> table in my IPFW firewall to block them. This is an example:
>
>
> ## IPFW Firewall Rules
>
> # Set rules command prefix
> cmd="ipfw -q add"
>
> # public interface name of NIC facing the public Internet
> pif="nfe0"
>
> # Let's start by listing known bad IP addresses and blocking them. We
> # will put them into a table for easier handling.
>
> ipfw -q table 1 add 60.0.0.0/8
> ipfw -q table 1 add 61.0.0.0/8
>
> $cmd set 1 deny log all from table\(1\) to any in via $pif
>
> The above is the first entry in my "rules" file. I know that IPFW is
> working since I have blocked other ports for other services and it has
> worked correctly.
>
> The problem is that these IPs are not being blocked. I continue to see
> them listed in the httpd-error.log. I have rebooted my machine and
> therefore am quite certain that these rules are being loaded.
>
> The problem is that I probably do not understand how to properly block
> an IP or range of IPs from accessing my web server correctly. I would
> really appreciate any assistance.
>
>

There is an archived thread on the FreeBSD forums:
http://forums.freebsd.org/archive/index.php/t-10181.html
And a long list of ranges on http://www.parkansky.com/china.htm, which
uses Apache's features to block these address ranges.

I see this also on our webservers, but it doesn't bother those servers or me.

Maybe try blocking those ranges first with a rule for each to get the right
subnets and put them in a table afterwards?
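
An added example, not part of the original thread: a small sh script that reports which client addresses in an Apache error log actually fall inside the ranges loaded into table 1, which is one way to confirm "the right subnets" before building the table. The function names are hypothetical and the log lines are constructed samples.

```shell
#!/bin/sh
# Added example: report which [client a.b.c.d] addresses in an Apache error
# log fall inside the CIDR ranges loaded into ipfw table 1.

RANGES="60.0.0.0/8 61.0.0.0/8"   # the two ranges from the quoted rules file

# ip2int A.B.C.D : print the address as a 32-bit integer
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr IP NET/LEN : exit status 0 when IP lies inside NET/LEN
in_cidr() {
    ip=$(ip2int "$1"); net=$(ip2int "${2%/*}"); len=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
    [ $(( $ip & $mask )) -eq $(( $net & $mask )) ]
}

# classify IP : print "covered" if any range matches, otherwise "missed"
classify() {
    for r in $RANGES; do
        if in_cidr "$1" "$r"; then echo covered; return 0; fi
    done
    echo missed
}

# report : read error-log lines on stdin, print "IP status" per unique client
# (the pattern accepts both "[client IP]" and "[client IP:port]")
report() {
    sed -n 's/.*\[client \([0-9.]*\)[]:].*/\1/p' | sort -u |
    while read -r addr; do
        echo "$addr $(classify "$addr")"
    done
}

# Constructed sample lines in Apache 2.2 error-log format (not real log data).
sample_log() {
cat <<'EOF'
[Wed Sep 29 12:00:01 2010] [error] [client 60.1.2.3] File does not exist: /data/phpmyadmin
[Wed Sep 29 12:00:05 2010] [error] [client 61.200.10.9] File does not exist: /data/pma
[Wed Sep 29 12:01:17 2010] [error] [client 203.0.113.7] File does not exist: /data/phpmyadmin
EOF
}

sample_log | report
```

To run it against a real log, feed the file to `report` on stdin (for example `report < httpd-error.log`); addresses reported as "missed" are outside the table's ranges, so the table rule would not match them.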