Date: Thu, 3 Mar 2011 12:12:58 -0500 From: Nathan Vidican <nathan@vidican.com> To: Jorge Biquez <jbiquez@intranet.com.mx> Cc: freebsd-questions@freebsd.org Subject: Re: Simplest way to deny access to a class C Message-ID: <AANLkTi=hB7kmAE7d1MAe=sHtbqL5ge18bGAC3s7f2nom@mail.gmail.com> In-Reply-To: <3382016411-764985335@intranet.com.mx> References: <3382016411-764985335@intranet.com.mx>
next in thread | previous in thread | raw e-mail | index | archive | help
Since you currently have NO firewall, then I would say the simplest method would be to turn one on, and create an open ruleset allowing all traffic, then add a filter rule to just block out what you do not want. However, having said this is the simplest way - it is not the best or even a really good way. Firewall should be inclusive; designed to only allow what you DO want and ignore/drop everything else. Please see: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html for a good explanation and overview. Some firewalls can be used as modules with the generic kernel, some will require you to compile a custom kernel - again there are advantages/disadvantages to either approach. Personally I use IPFW for simple stuff, and PF when it gets more complex, but that's just me. On Thu, Mar 3, 2011 at 11:59 AM, Jorge Biquez <jbiquez@intranet.com.mx>wrote: > Hello all. > > I am sorry in advance if this question sounds too stupid. > > I have a small server for personal use of webpages running: > > 7.3-PRERELEASE FreeBSD 7.3-PRERELEASE #0 > > it is working fine , no problem very stable. > > I just need to block some IP class C address that are always trying to > "discover" directories or applications under the web server. They do not do > and can not do anything since this server has nothing installed but i am > tired of seeing in the logs all the intents they do every 2-3 seconds. > > I have not installed any kind of firewall yet. > What do you think is the best way to accomplish this task? If possible the > easiest one. I do not want to do anything else but just bloc IP's, at this > moment at least. > > Thanks in advance. > > Jorge Biquez > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" > -- Nathan Vidican nathan@vidican.com (519) 962-9987 (Canada) (313) 586-1982 (USA)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTi=hB7kmAE7d1MAe=sHtbqL5ge18bGAC3s7f2nom>