How to block 200K ip addresses?

Dan Nelson dnelson at allantgroup.com
Mon Aug 27 07:54:08 PDT 2007


In the last episode (Aug 27), Aminuddin said:
> Will give this a try. Since my server is a remote server that I can
> access only by ssh, what other rules do I need to add in? I
> don't want to have a situation where I will lock myself out.

The safest method is to have a serial console configured, so even if
you completely mess up your firewall you can still get to it. 
Otherwise, add some rules at the very beginning that permit traffic
to/from the server you are ssh'ing in from, and start off using "count
log" rules instead of "deny", so you can tell which packets are being
matched.
 
> Is it correct to say that the rules that I put in will only block
> those in the rules and allow all that are not in the rules?

ipfw always has a final rule 65536, which is either "allow ip from any
to any" or "deny ip from any to any" depending on whether the kernel
option "IPFIREWALL_DEFAULT_TO_ACCEPT" was set or not.

-- 
	Dan Nelson
	dnelson at allantgroup.com
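A ruleset that follows the advice in this reply, as an added example that is not part of the post or of FreeBSD's own rc scripts. It assumes ADMIN_HOST is the address you ssh in from (203.0.113.5 here) and uses a constructed two-entry blocklist; the list is loaded into ipfw table 1 and matched by a single rule, which is the standard ipfw mechanism for a large address list and goes beyond what the reply itself mentions. With DRY_RUN=1 (the default) the ipfw commands are printed for review instead of executed, so the ruleset can be inspected before it is loaded on the remote box.

```shell
#!/bin/sh
# Added example, not code from the list post. Assumptions: ADMIN_HOST is
# your ssh source address; the blocklist below is constructed sample data.
# DRY_RUN=1 (default) prints each ipfw command instead of running it.

ADMIN_HOST="${ADMIN_HOST:-203.0.113.5}"   # assumption: the host you ssh in from
DRY_RUN="${DRY_RUN:-1}"

# Constructed sample blocklist: one network per line, '#' starts a comment.
sample_blocklist() {
    cat <<'EOF'
# constructed sample entries (RFC 5737 documentation ranges)
198.51.100.0/24
192.0.2.0/24
EOF
}

# Print the command in dry-run mode, otherwise hand it to ipfw.
ipfw_cmd() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "ipfw $*"
    else
        ipfw "$@"
    fi
}

# Lock-out guard: the lowest-numbered rules are evaluated first, so traffic
# to and from the admin host is permitted before any blocking rule is seen.
guard_rules() {
    ipfw_cmd add 10 allow ip from "$ADMIN_HOST" to me
    ipfw_cmd add 20 allow ip from me to "$ADMIN_HOST"
}

# Load the blocklist (read from stdin) into ipfw table 1, skipping blank
# lines and comments. One table lookup replaces one rule per address.
load_table() {
    while IFS= read -r net; do
        case "$net" in ''|'#'*) continue ;; esac
        ipfw_cmd table 1 add "$net"
    done
}

# Blocklist rule. Start with "count log" so `ipfw -a list` and the
# security log show which packets would match; pass "deny" only after
# the counters confirm the list is hitting what you expect.
block_rule() {
    action="${1:-count log}"
    # $action is deliberately unquoted so "count log" becomes two words.
    ipfw_cmd add 100 $action ip from "table(1)" to any
}

# Whole ruleset: guard first, then the table, then the matching rule.
generate_ruleset() {
    guard_rules
    sample_blocklist | load_table
    block_rule "${1:-count log}"
}

generate_ruleset "$@"
```

Run it once with no arguments to review the output, apply it with DRY_RUN=0, watch the counters and log for a while, then rerun with `deny` as the first argument to switch rule 100 over. The guard rules stay in place either way, and the kernel's default rule at the end of the ruleset still decides what happens to everything that matches nothing above it.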

