Date: Fri, 23 Nov 2012 15:58:55 +0100
From: Fleuriot Damien <ml@my.gd>
To: David Demelier <demelier.david@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: PF and tables for disabling network
Message-ID: <FE06D636-BD36-48E3-B1E8-5439AD27BE11@my.gd>
In-Reply-To: <CAO+PfDefeN+iEL-0UeLa5oSL+0dz4DKTiwEnuWnyoxeowsiMpg@mail.gmail.com>
References: <CAO+PfDefeN+iEL-0UeLa5oSL+0dz4DKTiwEnuWnyoxeowsiMpg@mail.gmail.com>
On Nov 23, 2012, at 3:46 PM, David Demelier <demelier.david@gmail.com> wrote:

> Hello,
>
> I would like to disable the network traffic for specific IPs. For the
> moment I just add to my pf.conf a rule that will block everything for a
> specified table like this:
>
> table <closed>
>
> [...] other rules [...]
>
> block from <closed>
>
> Then I just need to add my IP using pfctl. It works, no packet can be
> sent / received to the machine; however if that machine had some active
> connections, these won't be closed and they can still use them (an SSH
> client, game, ...)
>
> How can I disable everything then?
>
> Cheers
>
> --
> Demelier David

First, you might want to use "block in quick on $externalif inet from <closed>", to have:

- a quick rule, which stops ruleset evaluation immediately
- a more specific rule, which applies only to your WAN interface's inbound traffic

Be careful with the quick keyword, it's going to match packets immediately and entirely block these IPs.

Then, if you want to kill the active connections from people in the <closed> table, you might want to "script" a bit, like:

    for i in `pfctl -t closed -T show`
    do
        # -k host: drop every PF state whose source address is $i
        pfctl -k "$i"
    done

Would that do the trick for you?
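The two steps Damien describes (put the host in the table so the quick block rule catches new packets, then flush the states that let already-open connections keep flowing) as one added example script. This is not code from the thread or from FreeBSD; it assumes the table is named "closed" as in the thread and that a "block in quick ... from <closed>" rule is loaded. It goes a little beyond the reply: "pfctl -k HOST" only kills states whose source is HOST, so the script also issues the documented "-k SRC -k DST" form to kill states where HOST is the destination, choosing the wildcard source by address family. PFCTL can be overridden (PFCTL=echo) for a dry run on a machine without pf.

```shell
#!/bin/sh
# Added example (not from the thread): put hosts into the PF <closed> table,
# then flush every existing state that involves them, in both directions.
# Assumes the table is named "closed" as in the thread and that the
# "block in quick ... from <closed>" rule is already loaded. PFCTL may be
# overridden (PFCTL=echo) for a dry run on a box without pf.

PFCTL="${PFCTL:-pfctl}"
TABLE="${TABLE:-closed}"

# pfctl -k HOST kills only states whose *source* matches HOST, so a second
# call with the "-k SRC -k DST" form is needed to also drop the states where
# HOST is the *destination* (connections the machine itself opened to it).
# The wildcard source must be in the same address family as HOST, otherwise
# no state matches (assumption: ::/0 is accepted as the IPv6 wildcard).
kill_states_for_host() {
    host="$1"
    case "$host" in
        *:*) any="::/0" ;;
        *)   any="0.0.0.0/0" ;;
    esac
    "$PFCTL" -k "$host"
    "$PFCTL" -k "$any" -k "$host"
}

# Read table members on stdin in the format `pfctl -t closed -T show`
# prints (one address per line, indented) and kill the states of each.
# read strips the leading whitespace; blank lines are skipped.
kill_states_for_table_members() {
    while read -r addr; do
        [ -n "$addr" ] || continue
        kill_states_for_host "$addr"
    done
}

# Full procedure: add the given hosts to the table (the block rule now
# matches their new packets), then drop the states that would otherwise
# let their old connections bypass the rule.
block_hosts() {
    "$PFCTL" -t "$TABLE" -T add "$@"
    "$PFCTL" -t "$TABLE" -T show | kill_states_for_table_members
}

# Usage: sh kill-closed.sh 192.0.2.10 2001:db8::5
if [ $# -gt 0 ]; then
    block_hosts "$@"
fi
```

Run it with PFCTL=echo first to see the exact pfctl invocations it would issue; with pf present it needs root. Killing by host is deliberately narrower than "pfctl -F states", which would drop every connection on the box, not just the blocked ones.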
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?FE06D636-BD36-48E3-B1E8-5439AD27BE11>