Syntax to block 38 IPs

Vasenin Alexander aka BlackSir blacksir at number.ru
Fri Feb 6 12:01:12 PST 2004


To upgrade to IPFW2 you need to recompile the kernel with the IPFW2 option,
recompile the 'libalias' library and the 'ipfw' control program. man ipfw would
help. I'm not sure, but I suppose IPFW2 isn't marked STABLE for 4.x.
With ipfw1 there are 2 ways to solve your problem:
1. Just add 38 lines to your rule list and forget about it
2. ipfw add deny ip from 209.102.202.0/24 to any
    ipfw add deny ip from 65.194.51.0/24 to any

> -----Original Message-----
> From: owner-freebsd-ipfw at freebsd.org
> [mailto:owner-freebsd-ipfw at freebsd.org]On Behalf Of Jack L. Stone
> Sent: Friday, February 06, 2004 9:54 PM
> To: Luigi Rizzo; Don Bowman
> Cc: freebsd-ipfw at freebsd.org
> Subject: Re: Syntax to block 38 IPs
>
>
> TopPost:
> Thanks for the quick responses.
>
> So, I gather under IPFW(#1), it's either 38 lines or upgrade to IPFW2
>
> I haven't had time to study IPFW2 too well, although I know how
> to upgrade.
> A follow-up question is that, if I do upgrade, will IPFW2 still use my old
> rules until I can get around to tuning/tweaking...??
>
> At 10:13 AM 2.6.2004 -0800, Luigi Rizzo wrote:
> >On Fri, Feb 06, 2004 at 01:09:48PM -0500, Don Bowman wrote:
> >...
> >> deny ip from { 209.102.202.131, 209.102.202.132, ...} to any
> >
> >this is still inefficient. Better to use
> >
> >	deny ip from 209.102.202.0/24{131,132,157,190,1,86} ...
> >
> >which uses a bitmap to represent the list of hosts and has constant
> >processing time as opposed to having to scan a list.
> >
> >	cheers
> >	luigi
> >
> >> this uses IPFW2 I think.
> >>
> >> from the shell, remember to escape the { as \{.
> >>
> >> you could also send a RST i suppose, but just dropping it is
> >> best.
> >>
> >> _______________________________________________
> >> freebsd-ipfw at freebsd.org mailing list
> >> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> >> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
> >
> >
>
> Best regards,
> Jack L. Stone,
> Administrator
>
> Sage American
> http://www.sage-american.com
> jacks at sage-american.com
>
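
An added example, not part of the original thread: a small sh/awk helper that turns a list of hosts to block into the IPFW2 address-set form Luigi Rizzo describes, one rule per /24, so the rule list stays short as the blocklist grows. The function name `gen_rules` and the sample input are assumptions made for illustration; it only prints rule text and does not touch the firewall.

```shell
# Added example (not from the thread): turn a host list into ipfw2 rules,
# one address-set rule per /24, in the form Luigi Rizzo shows above.
gen_rules() {
    awk '
    # Accept only dotted quads with octets 0-255.
    function valid(a,   n, i, q) {
        n = split(a, q, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (q[i] !~ /^[0-9]+$/ || q[i] + 0 > 255) return 0
        return 1
    }
    {
        sub(/#.*/, ""); gsub(/[ \t\r]/, "")     # strip comments, blanks
        if ($0 == "") next
        if (!valid($0)) { print "skipped: " $0 > "/dev/stderr"; next }
        split($0, o, ".")
        net = (o[1] + 0) "." (o[2] + 0) "." (o[3] + 0)
        host = o[4] + 0
        if (seen[net, host]++) next             # drop duplicates
        if (!(net in count)) order[++nets] = net
        hosts[net, ++count[net]] = host
    }
    END {
        for (i = 1; i <= nets; i++) {
            net = order[i]; n = count[net]
            for (j = 2; j <= n; j++) {          # insertion sort, last octet
                v = hosts[net, j]
                for (k = j - 1; k >= 1 && hosts[net, k] > v; k--)
                    hosts[net, k + 1] = hosts[net, k]
                hosts[net, k + 1] = v
            }
            list = hosts[net, 1]
            for (j = 2; j <= n; j++) list = list "," hosts[net, j]
            if (n == 1) printf "add deny ip from %s.%s to any\n", net, list
            else printf "add deny ip from %s.0/24{%s} to any\n", net, list
        }
    }'
}

# Constructed sample: host octets from the thread, plus a made-up single
# host (65.194.51.7), a duplicate and an invalid line.
gen_rules <<'EOF'
209.102.202.131
209.102.202.132
209.102.202.1
65.194.51.7
209.102.202.131
999.1.1.1
EOF
```

If a generated rule is passed on an ipfw command line instead of being printed, the braces must be quoted or escaped, as Don Bowman notes in the quoted message.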


