Simplest way to deny access to a class C

Nathan Vidican nathan at vidican.com
Thu Mar 3 17:13:00 UTC 2011


Since you currently have NO firewall, then I would say the simplest method
would be to turn one on, and create an open ruleset allowing all traffic,
then add a filter rule to just block out what you do not want. However,
having said this is the simplest way - it is not the best or even a really
good way. A firewall should be inclusive; designed to only allow what you DO
want and ignore/drop everything else. Please see:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html for
a good explanation and overview. Some firewalls can be used as modules with
the generic kernel, some will require you to compile a custom kernel - again
there are advantages/disadvantages to either approach. Personally I use IPFW
for simple stuff, and PF when it gets more complex, but that's just me.

On Thu, Mar 3, 2011 at 11:59 AM, Jorge Biquez <jbiquez at intranet.com.mx> wrote:

> Hello all.
>
> I am sorry in advance if this question sounds too stupid.
>
> I have a small server for personal use of webpages running:
>
> 7.3-PRERELEASE FreeBSD 7.3-PRERELEASE #0
>
> It is working fine, no problem, very stable.
>
> I just need to block some IP class C addresses that are always trying to
> "discover" directories or applications under the web server. They do not do
> and cannot do anything since this server has nothing installed but I am
> tired of seeing in the logs all the intents they do every 2-3 seconds.
>
> I have not installed any kind of firewall yet.
> What do you think is the best way to accomplish this task? If possible the
> easiest one. I do not want to do anything else but just block IPs, at this
> moment at least.
>
> Thanks in advance.
>
> Jorge Biquez
>



-- 
Nathan Vidican
nathan at vidican.com
(519) 962-9987 (Canada)
(313) 586-1982 (USA)
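
The two approaches contrasted in the reply above, sketched as IPFW rulesets (an added example, not part of the original message). The networks, rule numbers, script name and the assumption that the server offers only SSH and HTTP are illustrative; the script only prints the commands so they can be reviewed before loading.

```shell
#!/bin/sh
# Added example, not from the thread. Prints IPFW commands for review;
# nothing is loaded. Assumed: the server offers only SSH (22) and HTTP (80).
BAD_NETS="192.0.2.0/24 198.51.100.0/24"   # constructed sample /24 ("class C") networks
IPFW="ipfw -q"

# Emit one deny rule per unwanted network, numbered from 200 in steps of 10.
deny_bad_nets() {
    n=200
    for net in $BAD_NETS; do
        echo "$IPFW add $n deny ip from $net to any in"
        n=$((n + 10))
    done
}

# Approach 1 (simplest): open ruleset plus the block rules.
open_with_blocks() {
    echo "$IPFW -f flush"
    echo "$IPFW add 100 allow ip from any to any via lo0"
    deny_bad_nets
    echo "$IPFW add 65000 allow ip from any to any"
}

# Approach 2 (inclusive): allow only what is wanted, drop and log the rest.
# The deny rules stay first because port 80 is otherwise open to everyone.
inclusive() {
    echo "$IPFW -f flush"
    echo "$IPFW add 100 allow ip from any to any via lo0"
    deny_bad_nets
    echo "$IPFW add 1000 check-state"
    echo "$IPFW add 1100 allow tcp from any to me 22,80 in setup keep-state"
    echo "$IPFW add 1200 allow ip from me to any out keep-state"
    echo "$IPFW add 1300 allow icmp from any to me in icmptypes 3,8,11"
    echo "$IPFW add 65000 deny log ip from any to any"
}

# Usage: sh ipfw-rules.sh open|inclusive   (no argument prints nothing)
case "${1:-}" in
    open)      open_with_blocks ;;
    inclusive) inclusive ;;
esac
```

With the stock ipfw module the built-in final rule denies everything, so the first load is best done from the console rather than over SSH.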

