Blocking traffic with PF
Frank Staals
f.staals at zonnet.nl
Sun Apr 24 07:07:58 PDT 2005
Hey everyone,
I would like to block all traffic from one host. The problem is the data
isn't coming from that host anymore; it is redirected from my router. I
am using PF as firewall, and this is the ruleset I wanted to use for it:
block in from { example.host.com , example2.secondhost.com } to any
but when I enable tcpdump when starting the application which triggers
the data coming from the hosts I want to block, this is a piece of what
it shows (with the -v option):
15:54:45.944499 IP Riza.FStaals.LAN.63681 > SpeedTouch.FStaals.Lan.domain: 57330+ AAAA? example.host.com. (35)
15:54:45.974083 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.63681: 57330 1/0/0 CNAME example2.secondhost.com. (54)
15:54:45.974301 IP Riza.FStaals.LAN.65038 > SpeedTouch.FStaals.Lan.domain: 57331+ A? example.host.com. (35)
15:54:45.986375 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.65038: 57331 2/0/0 CNAME example2.secondhost.com.[|domain]
15:54:45.986740 IP Riza.FStaals.LAN.63345 > SpeedTouch.FStaals.Lan.domain: 57332+ AAAA? example2.secondhost.com. (32)
15:54:45.999378 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.63345: 57332 0/0/0 (32)
15:54:45.999509 IP Riza.FStaals.LAN.58187 > SpeedTouch.FStaals.Lan.domain: 57333+ A? example2.secondhost.com. (32)
15:54:46.014454 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.58187: 57333 1/0/0 A 193.69.116.13 (48)
15:54:46.867432 IP Riza.FStaals.LAN.50980 > SpeedTouch.FStaals.Lan.domain: 36113+ PTR? 138.0.0.10.in-addr.arpa. (41)
15:54:46.868404 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.50980: 36113* 1/0/0 PTR[|domain]
15:54:46.869032 IP Riza.FStaals.LAN.54487 > SpeedTouch.FStaals.Lan.domain: 36114+ PTR? 13.116.69.193.in-addr.arpa. (44)
15:54:46.905268 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.54487: 36114 NXDomain* 0/0/0 (44)
So the problem is that the data is redirected at my router
(SpeedTouch.FStaals.LAN) to my laptop (Riza.FStaals.LAN), but I can't
block all the traffic from my router since I do want to receive all the
other data. My router doesn't have an option to block specified URLs, so I
can't do it there either.
Has anyone an idea how I can block all the data from the 'bad hosts'
(which I changed here to example.host.com and example2.secondhost.com)?
Thanks in advance
Frank Staals
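Added example, not part of the original post: a short Python parser for the tcpdump DNS lines quoted above. It pairs each query with its reply by DNS ID, lists the hosts that appear in the capture, and follows the CNAME to the A record. The function names are this example's own, and the sample is six lines from the capture with the mail line-wraps rejoined.

```python
import re

# Six lines taken from the capture quoted above, with the mail line-wraps rejoined.
CAPTURE = """\
15:54:45.974301 IP Riza.FStaals.LAN.65038 > SpeedTouch.FStaals.Lan.domain: 57331+ A? example.host.com. (35)
15:54:45.986375 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.65038: 57331 2/0/0 CNAME example2.secondhost.com.[|domain]
15:54:45.999509 IP Riza.FStaals.LAN.58187 > SpeedTouch.FStaals.Lan.domain: 57333+ A? example2.secondhost.com. (32)
15:54:46.014454 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.58187: 57333 1/0/0 A 193.69.116.13 (48)
15:54:46.869032 IP Riza.FStaals.LAN.54487 > SpeedTouch.FStaals.Lan.domain: 36114+ PTR? 13.116.69.193.in-addr.arpa. (44)
15:54:46.905268 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.54487: 36114 NXDomain* 0/0/0 (44)
"""

LINE = re.compile(r"^\S+ IP (\S+) > (\S+): (\d+)(.*)$")
QUERY = re.compile(r"(\w+)\? (\S+)")                   # e.g. "A? example.host.com."
RECORD = re.compile(r"\b(A|AAAA|CNAME) ([^\s,\[]+)")   # answer records in a reply

def parse(capture):
    """Pair queries with replies by DNS ID. Returns (answers, hosts)."""
    pending, answers, hosts = {}, {}, set()
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src, dst, dns_id, rest = m.groups()
        hosts.update(h.rsplit(".", 1)[0] for h in (src, dst))  # drop the port label
        q = QUERY.search(rest)
        if q and dst.endswith(".domain"):                      # client -> resolver
            pending[dns_id] = q.group(2).rstrip(".").lower()
            answers.setdefault(pending[dns_id], [])
        elif src.endswith(".domain") and dns_id in pending:    # resolver -> client
            name = pending.pop(dns_id)
            answers[name] += [(t, v.rstrip(".").lower()) for t, v in RECORD.findall(rest)]
    return answers, hosts

def addresses(answers, name, seen=None):
    """Follow CNAMEs seen in the capture; return the addresses behind name."""
    seen = set() if seen is None else seen
    if name in seen:                                           # guard against CNAME loops
        return set()
    seen.add(name)
    found = set()
    for rtype, value in answers.get(name, []):
        if rtype == "CNAME":
            found |= addresses(answers, value, seen)
        else:
            found.add(value)
    return found
```

Calling `parse(CAPTURE)` and then `addresses(answers, "example.host.com")` gives the hosts present in the capture and the address the name resolved to; truncated replies (`[|domain]`) yield only the records tcpdump managed to print.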