Date: Fri, 23 Nov 2012 15:58:55 +0100
From: Fleuriot Damien <ml@my.gd>
To: David Demelier <demelier.david@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: PF and tables for disabling network
Message-ID: <FE06D636-BD36-48E3-B1E8-5439AD27BE11@my.gd>
In-Reply-To: <CAO+PfDefeN+iEL-0UeLa5oSL+0dz4DKTiwEnuWnyoxeowsiMpg@mail.gmail.com>
References: <CAO+PfDefeN+iEL-0UeLa5oSL+0dz4DKTiwEnuWnyoxeowsiMpg@mail.gmail.com>
On Nov 23, 2012, at 3:46 PM, David Demelier <demelier.david@gmail.com> wrote:

> Hello,
>
> I would like to disable the network traffic for specific IPs; for the
> moment I just add to my pf.conf a rule that will block everything for a
> specified table like this:
>
> table <closed>
>
> [...] other rules [...]
>
> block from <closed>
>
> Then I just need to add my IP using pfctl. It works, no packet can be
> sent / received to the machine; however, if that machine had some active
> connections, these won't be closed and they can still use them (an SSH
> client, game, ...)
>
> How can I disable everything then?
>
> Cheers
>
> --
> Demelier David

First, you might want to use "block in quick on $externalif inet from <closed>", to have:

- a quick rule, which stops ruleset evaluation immediately
- a more specific rule, which applies only to your WAN interface's inbound traffic

Be careful with the quick keyword: it's going to match packets immediately and entirely block these IPs.

Then, if you want to kill the active connections from people in the <closed> table, you might want to "script" a bit, like:

for i in $(pfctl -t closed -T show)
do
    pfctl -k "$i"                # kill states originating from the host
    pfctl -k 0.0.0.0/0 -k "$i"   # kill states going to the host (second -k is the destination)
done

Would that do the trick for you?
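The procedure discussed in the thread (add a host to the <closed> table so new packets are dropped, then kill the states it already holds so open SSH or game sessions die too) as one small shell helper. This is an added example, not code from either poster; the function names, the TABLE default and the PFCTL override for dry-running without root are my own choices. It assumes pf.conf already carries the table and a "block ... quick ... from <closed>" rule as suggested above, and it only handles IPv4 (the inet rule in the reply), so an IPv6 table entry would need ::/0 in place of 0.0.0.0/0.

```shell
#!/bin/sh
# Added example (not from the thread). Closes a host under pf: adds it to the
# <closed> table and kills its existing states in both directions.
#
# PFCTL may be overridden, e.g. PFCTL="echo" to dry-run and just print the
# pfctl invocations on a box without pf or root.  TABLE defaults to "closed".
: "${PFCTL:=pfctl}"
: "${TABLE:=closed}"

# Kill every state involving $1, whichever side opened the connection.
# 'pfctl -k host' matches states whose source is host; a second -k sets the
# destination filter, so '-k 0.0.0.0/0 -k host' catches states towards host.
kill_states() {
    ip="$1"
    $PFCTL -k "$ip" || return 1
    $PFCTL -k 0.0.0.0/0 -k "$ip" || return 1
}

# Add $1 to the table (the block-quick rule then drops its new packets) and
# tear down what it already has open.
close_host() {
    ip="$1"
    $PFCTL -t "$TABLE" -T add "$ip" || return 1
    kill_states "$ip"
}

# Re-sweep hosts already in the table, reading addresses on stdin so it can be
# fed by 'pfctl -t closed -T show' (whose lines carry leading spaces; read
# strips them) or by a constructed list when dry-running.
sweep_table() {
    while read -r ip; do
        [ -n "$ip" ] || continue
        kill_states "$ip" || return 1
    done
}

# Usage on a real firewall (uncomment):
#   close_host 192.0.2.10
#   pfctl -t closed -T show | sweep_table
```

Run close_host once per address you want cut off; sweep_table is the equivalent of the loop in the reply for hosts that were added to the table earlier, before states were killed.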
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?FE06D636-BD36-48E3-B1E8-5439AD27BE11>
