From owner-freebsd-ipfw@FreeBSD.ORG Fri Feb 6 10:09:59 2004 Return-Path: Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7738916A4CE for ; Fri, 6 Feb 2004 10:09:59 -0800 (PST) Received: from mail.sandvine.com (sandvine.com [199.243.201.138]) by mx1.FreeBSD.org (Postfix) with ESMTP id C894143D46 for ; Fri, 6 Feb 2004 10:09:57 -0800 (PST) (envelope-from don@sandvine.com) Received: by mail.sandvine.com with Internet Mail Service (5.5.2657.72) id ; Fri, 6 Feb 2004 13:09:56 -0500 Message-ID: From: Don Bowman To: "'Jack L. Stone'" , freebsd-ipfw@freebsd.org Date: Fri, 6 Feb 2004 13:09:48 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2657.72) Content-Type: text/plain; charset="iso-8859-1" Subject: RE: Syntax to block 38 IPs X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Feb 2004 18:09:59 -0000 From: Jack L. Stone [mailto:jacks@sage-american.com] > > Am running IPFW on FBSD-4.8p14 > > For almost a year (or more), one of my servers has been hammered by > redalert.com, a service to which I do not subscribe. My > efforts to get them > to stop has gone ignored. Every night, the server is peppered > with their > "taps". > > Thus, it's time to use a firewall rule to stop it. The > problem is that they > use a broad range of source IPs. The list I show here is only > for the past > 4 days. I don't want to block any innocent IPs and wondered > how I could > best create a rule(s) to stop the 38 IPs below without 38 > individual lines > in the rules...?? > > Appreciate help! Thanks! deny ip from { 209.102.202.131, 209.102.202.132, ...} to any this uses IPFW2 I think. from the shell, remember to escape the { as \{. you could also send a RST i suppose, but just dropping it is best.