Date: Mon, 17 Sep 2007 23:30:03 -0300 From: Agus <agus.262@gmail.com> To: support@kinetix.gr Cc: freebsd-questions@freebsd.org Subject: Re: How to add rule with pfctl... Message-ID: <fda61bb50709171930l7508b458nca9320f3e3ee9cee@mail.gmail.com> In-Reply-To: <46EEB13C.4020509@kinetix.gr> References: <fda61bb50709151418r61b0e0b4rd889b517b954fae9@mail.gmail.com> <200709152336.27214.fbsd.questions@rachie.is-a-geek.net> <fda61bb50709170945u3a1fba81t8fa8244dbcfc5baf@mail.gmail.com> <46EEB13C.4020509@kinetix.gr>
Agus wrote:
>
> 2007/9/15, Mel <fbsd.questions@rachie.is-a-geek.net>:
>
> On Saturday 15 September 2007 23:18:17 Agus wrote:
> > I am trying to figure out how to add a firewall rule with pfctl...
> > This is what i'm trying to do...
> >
> > I've got SEC that matches certain pattern and takes the IP from that and
> > want to trigger a firewall rule to block that IP....
> > Then after a couple of hours SEC will trigger the command to un-block the
> > IP...
> > So what i need is the command to block an IP address from command line, not
> > touching any pf.conf....
>
> If you don't need to add a rule but an IP, then tables are your friend.
> Example for /etc/pf.conf:
>
> # Placeholder for spammers table, non-routable network IP.
> table <spammers> persist { 192.168.111.111 }
> # Block this traffic
> block return-rst in log on $ext_if proto tcp from <spammers> port smtp
>
> Then on the command line:
> /sbin/pfctl -t spammers -Tadd ip.from.new.spammer
> And to delete:
> /sbin/pfctl -t spammers -Tdel ip.from.old.spammer
>
> --
> Mel
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>
> Hi,
> I put this on /etc/pf.conf
> external_addr="192.168.1.11" which is the address of the only interface.
> This machine isn't a router.
>
> block drop in quick on $ext_if inet proto tcp from 192.168.0.1 to
> $external_addr port ssh
>
> but when i try to connect from 192.168.0.1 i connect with no problems...this
> rule is to block access..
> What am i doing wrong..is my first time with pf...
>
> Thanks...

2007/9/17, Goltsios Theodore <tgol@kinetix.gr>:
> Well I think that you mean to add this:
>
> ext_if="rl0" # Or whatever your interface is, ifconfig helps to find out
> block drop in quick on $ext_if inet proto tcp from 192.168.0.1 to $ext_if port ssh
>
> or even:
>
> ext_if="rl0"
> external_addr="192.168.1.11"
> block drop in quick on $ext_if inet proto tcp from 192.168.0.1 to $external_addr port ssh
>
> Think of macros as variables. As long as you don't define them they don't exist (are empty).

I know Theodore, i've done it exactly like u put it....first declare macros and then the rule....
but i couldn't block access to the machine....this rule is supposed to block all access to port 22 on the machine coming from 192.168.0.1....but I can access from there...
i checked
pfctl -e
pfctl -sa
and everything seems to be loaded...
Thanks...
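Mel's table approach is the right fit for the SEC use case: the ruleset stays untouched and only the table contents change at runtime. As an added example that is not part of the thread or of SEC or pf itself, here is a small POSIX sh wrapper that SEC's block and unblock actions could call. It uses the `spammers` table from Mel's reply (declared with `persist` in pf.conf) and the `pfctl -t <table> -T add|delete` syntax (`-Tadd` on the page is the same command with the argument attached); the `PFCTL` override variable, the function names and the sample addresses are this example's own assumptions. The point it adds beyond the thread is input checking: SEC hands the action a string captured by a regex, and anything that is not a plain dotted-quad IPv4 address should never be passed on to `pfctl`.

```shell
#!/bin/sh
# Hypothetical wrapper for SEC's action (example code, not from the thread):
#   pf-table.sh add|delete <table> <ipv4>
# PFCTL can be overridden (e.g. PFCTL=echo) to see the command without
# touching the running firewall.
PFCTL="${PFCTL:-/sbin/pfctl}"

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
# Rejects empty strings, stray characters, and missing or doubled dots.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Add or delete one address in a pf table. Only the two verbs SEC needs are
# accepted, and the table name is limited to characters pf table names use.
pf_table_update() {
    action=$1
    table=$2
    ip=$3
    case "$action" in
        add|delete) ;;
        *) echo "pf_table_update: action must be add or delete" >&2; return 2 ;;
    esac
    case "$table" in
        ""|*[!A-Za-z0-9_]*) echo "pf_table_update: bad table name '$table'" >&2; return 2 ;;
    esac
    if ! valid_ipv4 "$ip"; then
        echo "pf_table_update: refusing non-IPv4 token '$ip'" >&2
        return 2
    fi
    "$PFCTL" -t "$table" -T "$action" "$ip"
}

# When run as a script with three arguments, perform the requested update.
if [ $# -eq 3 ]; then
    pf_table_update "$@"
fi
```

After an `add`, `pfctl -t spammers -T show` lists the table's current members, which is the quickest way to confirm that the SEC action actually fired.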