IPFW firewall and TCP ports

Bas Smeelen b.smeelen at ose.nl
Wed Sep 29 12:51:26 UTC 2010


On 09/29/2010 02:16 PM, Carmel wrote:
> While perusing my Apache httpd-error.log, I noticed a large number of
> attempts to access my phpmyadmin directory, as well as a few less known
> others. Most of these probes originated from China. Since I have no
> legitimate business dealing with that region, I decided to create a
> table in my IPFW firewall to block them. This is an example:
>
>
> ## IPFW Firewall Rules
>
> # Set rules command prefix
> cmd="ipfw -q add"
>
> # public interface name of NIC facing the public Internet
> pif="nfe0"  
>
> # Let's start by listing known bad IP addresses and blocking them. We
> # will put them into a table for easier handling.
>
> ipfw -q table 1 add 60.0.0.0/8
> ipfw -q table 1 add 61.0.0.0/8
>
> $cmd set 1 deny log all from table\(1\) to any in via $pif
>
> The above is the first entry in my "rules" file. I know that IPFW is
> working since I have blocked other ports for other services and it has
> worked correctly.
>
> The problem is that these IPs are not being blocked. I continue to see
> them listed in the httpd-error.log. I have rebooted my machine and
> therefore am quite certain that these rules are being loaded.
>
> The problem is that I probably do not understand how to properly block
> an IP or range of IPs from accessing my web server correctly. I would
> really appreciate any assistance.
>
>   
There is an archived thread on the FreeBSD forums:
http://forums.freebsd.org/archive/index.php/t-10181.html
And a long list of ranges on http://www.parkansky.com/china.htm, which
uses Apache's features to block these address ranges.
I see this also on our webservers, but it doesn't bother those servers or me.
Maybe try blocking those ranges first with a rule for each to get the
right subnets and put them in a table afterwards?





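Added example, not part of either message: a Python check that reads the `ipfw table 1 add` lines from a rules file and the `[client ...]` addresses from httpd-error.log, then splits the logged clients into those the table covers and those it does not. The log lines and client addresses below are constructed samples; only the two /8 entries come from the thread. A covered address that keeps showing up in the log points at the deny rule not matching that traffic, while an uncovered one means the table is missing its subnet.

```python
import ipaddress
import re
from collections import Counter

# Matches rules-file lines such as: ipfw -q table 1 add 60.0.0.0/8
TABLE_ADD = re.compile(r"^\s*ipfw\s+(?:-q\s+)?table\s+(\d+)\s+add\s+(\S+)")
# Matches "[client 1.2.3.4]" and the later "[client 1.2.3.4:5678]" form (IPv4 only)
CLIENT = re.compile(r"\[client (\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\]")

def table_networks(rules_text, table="1"):
    """Return the networks added to the given ipfw table in a rules file."""
    nets = []
    for line in rules_text.splitlines():
        m = TABLE_ADD.match(line)
        if m and m.group(1) == table:
            # A bare address without a mask becomes a /32 host entry.
            nets.append(ipaddress.ip_network(m.group(2), strict=False))
    return nets

def classify_clients(log_text, nets):
    """Split logged client IPs into (covered, uncovered) dicts of ip -> hit count."""
    hits = Counter(m.group(1) for m in CLIENT.finditer(log_text))
    covered, uncovered = {}, {}
    for ip, count in hits.items():
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # skip malformed addresses such as 999.1.1.1
        bucket = covered if any(addr in n for n in nets) else uncovered
        bucket[ip] = count
    return covered, uncovered

# Table entries as posted in the thread.
RULES = """\
ipfw -q table 1 add 60.0.0.0/8
ipfw -q table 1 add 61.0.0.0/8
"""
# Constructed sample log lines (addresses and paths are made up).
LOG = """\
[Wed Sep 29 12:40:01 2010] [error] [client 60.0.2.10] File does not exist: /usr/local/www/data/phpmyadmin
[Wed Sep 29 12:40:02 2010] [error] [client 60.0.2.10] File does not exist: /usr/local/www/data/pma
[Wed Sep 29 12:41:10 2010] [error] [client 61.0.2.20] File does not exist: /usr/local/www/data/phpmyadmin
[Wed Sep 29 12:45:33 2010] [error] [client 203.0.113.7] File does not exist: /usr/local/www/data/phpmyadmin
"""

if __name__ == "__main__":
    covered, uncovered = classify_clients(LOG, table_networks(RULES))
    print("in table 1 but still logged:", covered)
    print("not in table 1:", uncovered)
```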


