blocking a string in a packet using ipfw

Willem Jan Withagen wjw at
Fri Sep 15 04:52:05 PDT 2006

Julian Elischer wrote:
>> Forgot to mention: 4.7-PRERELEASE :(
> ugh... no tables
> and 45000 lines will be bad.
> load an old PC with 6.2
> and seet it up as a bridge with 2 interfaces.
> and use ipfw table to filter on the bridge

If I could have easy access to the box, that would be the sollution. But the 
box is in Amsterdam in a Colo, and currently the rack is fully loaded. And 
we're not allowed to leave stuff standing outside the rack.

For now the storm generated by the virus has calmed, because the DNS address 
used was one that was easily changed without penalties of sites getting 
unavialable. So setting that to solved quite a lot. It still took a 
few hours to actually pickup every where. Over that time I collected over 
50.000 IP's which all ended up in IPFW. :) The box (PIII, 750 Mhz, 512Mb) 
started using a lot of system and interrupt time, but it survived it all.

Only to find out that it got whacked this morning again but now in some 
phpbb's, where they uploaded something like 45.000 viagra/spam messages. :(

But fortunately this convinced the customer that he really should upgrade both 
hardware and software. Something I've been asking for as long as I've set eyes 
on this server. Probably the hours now spent in repairing etc. could have 
better be invested in a new server.


More information about the freebsd-net mailing list