From: Fleuriot Damien
To: David Demelier
Cc: freebsd-questions@freebsd.org
Subject: Re: PF and tables for disabling network
Date: Fri, 23 Nov 2012 15:58:55 +0100
On Nov 23, 2012, at 3:46 PM, David Demelier wrote:

> Hello,
>
> I would like to disable the network traffic for specific IPs, for the
> moment I just add to my pf.conf a rule that will block everything for a
> specified table like this:
>
> table <closed>
>
> [...] other rules [...]
>
> block from <closed>
>
> Then I just need to add my IP using pfctl, it will work, no packet can be
> sent / received to the machine, however if that machine had some active
> connections, these won't be closed and they can still use them (an SSH
> client, game, ...)
>
> How can I disable everything then?
>
> Cheers
>
> --
> Demelier David

First, you might want to use "block in quick on $externalif inet from <closed>", to have:

- a quick rule, which stops ruleset evaluation immediately
- a more specific rule, which applies only to your WAN interface's inbound traffic

Be careful with the quick keyword, it's going to match packets immediately and entirely block these IPs.

Then, if you want to kill the active connections from people in the table, you might want to "script" a bit, like:

for i in `pfctl -t closed -T show`
do
    pfctl -k "$i"    # kill the states originating from this address
    pfctl -K "$i"    # kill its source-tracking entries
done

Would that do the trick for you?
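As an added example that is not part of this thread (my own script, not Damien's or David's), here is the state-flushing loop written out as a small sh script that also covers the direction a single "pfctl -k host" misses. It assumes the table is called "closed" as in the thread; the PFCTL variable, which lets the script be pointed at a stand-in binary for a dry run, is a convention of this script only. The "-k host", "-k 0.0.0.0/0 -k host" and "-K host" forms are the ones documented in pfctl(8).

```shell
#!/bin/sh
# Added example, not code from the thread: flush the live pf state for every
# address in a pf table, so hosts that were just added to the block table lose
# their existing sessions (SSH, game clients, ...) and not only new ones.
# Assumptions: the table is called "closed" as in the thread, and PFCTL may be
# pointed at a stand-in binary for a dry run (a convention of this script).

PFCTL=${PFCTL:-pfctl}

# list_table TABLE: members of the table, one per line, leading spaces removed
# ("pfctl -T show" indents each entry).
list_table() {
    "$PFCTL" -t "$1" -T show | sed 's/^[[:space:]]*//; /^$/d'
}

# kill_host ADDR: remove every state in which ADDR is the source, every state
# in which ADDR is the destination, and its source-tracking entries.
# A single "pfctl -k ADDR" only covers states ADDR initiated; a session the
# blocked host accepted from elsewhere survives it, hence the second form.
kill_host() {
    addr=$1
    "$PFCTL" -k "$addr" &&
    "$PFCTL" -k 0.0.0.0/0 -k "$addr" &&
    "$PFCTL" -K "$addr"
}

# kill_table TABLE: apply kill_host to each member; prints the number of
# addresses handled and stops at the first pfctl error.
kill_table() {
    n=0
    for addr in $(list_table "$1"); do
        kill_host "$addr" || return 1
        n=$((n + 1))
    done
    echo "$n"
}

# Usage: sh kill_table.sh closed   (only runs when a table name is given)
if [ -n "${1:-}" ]; then
    kill_table "$1"
fi
```

Run it right after adding an address to the table; the quick block rule stops new packets, and this loop removes the states that would otherwise keep established sessions alive.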