Syntax to block 38 IPs

Jack L. Stone jacks at sage-american.com
Fri Feb 6 12:18:06 PST 2004


Thanks, folks, for the suggestions. I was planning to do the #2 suggestion
here, BUT, a pleasant surprise happened -- I just now received a message
from an official who is contacting the ReadAlert team to (hopefully)
resolve this issue on their server so the FW won't be necessary. I'll keep
an eye on the logs.

Now, I'd better begin a more complete study of IPFW2....

At 10:59 PM 2.6.2004 +0300, Vasenin Alexander aka BlackSir wrote:
>To upgrade to IPFW2 you need to recompile the kernel with IPFW2 option,
>recompile 'libalias' library and 'ipfw' control program. man ipfw would
>help. I'm not sure, but I suppose IPFW2 isn't marked STABLE for 4.x.
>With ipfw1 there are 2 ways to solve your problem:
>1. Just add 38 lines to your rule list and forget about it
>2. ipfw add deny ip from 209.102.202.0/24 to any
>    ipfw add deny ip from 65.194.51.0/24 to any
>
>> -----Original Message-----
>> From: owner-freebsd-ipfw at freebsd.org
>> [mailto:owner-freebsd-ipfw at freebsd.org]On Behalf Of Jack L. Stone
>> Sent: Friday, February 06, 2004 9:54 PM
>> To: Luigi Rizzo; Don Bowman
>> Cc: freebsd-ipfw at freebsd.org
>> Subject: Re: Syntax to block 38 IPs
>>
>>
>> TopPost:
>> Thanks for the quick responses.
>>
>> So, I gather under IPFW(#1), it's either 38 lines or upgrade to IPFW2
>>
>> I haven't had time to study IPFW2 too well, although I know how
>> to upgrade.
>> A follow-up question is that, if I do upgrade, will IPFW2 still use my old
>> rules until I can get around to tuning/tweaking...??
>>
>> At 10:13 AM 2.6.2004 -0800, Luigi Rizzo wrote:
>> >On Fri, Feb 06, 2004 at 01:09:48PM -0500, Don Bowman wrote:
>> >...
>> >> deny ip from { 209.102.202.131, 209.102.202.132, ...} to any
>> >
>> >this is still inefficient. Better to use
>> >
>> >	deny ip from 209.102.202.0/24{131,132,157,190,1,86} ...
>> >
>> >which uses a bitmap to represent the list of hosts and has constant
>> >processing time as opposed to having to scan a list.
>> >
>> >	cheers
>> >	luigi
>> >
>> >> this uses IPFW2 I think.
>> >>
>> >> from the shell, remember to escape the { as \{.
>> >>
>> >> you could also send a RST i suppose, but just dropping it is
>> >> best.
>> >>
>> >> _______________________________________________
>> >> freebsd-ipfw at freebsd.org mailing list
>> >> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
>> >> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
>> >
>> >
>>
>> Best regards,
>> Jack L. Stone,
>> Administrator
>>
>> Sage American
>> http://www.sage-american.com
>> jacks at sage-american.com
>>
>
>

Best regards,
Jack L. Stone,
Administrator

Sage American
http://www.sage-american.com
jacks at sage-american.com
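
Added example (not part of the original thread): a shell function that turns a list of host addresses into IPFW2 rules using the addr/masklen{list} set syntax Luigi Rizzo describes, one rule per /24. The function name ipfw2_set_rules and the sample host addresses are assumptions; each address set is single-quoted in the output so the shell does not interpret the braces.

```shell
#!/bin/sh
# Added example: collapse a list of IPv4 hosts into IPFW2 address-set rules.
# It only prints the ipfw commands; review them before running any as root.

# ipfw2_set_rules (hypothetical helper name)
# stdin : one IPv4 address per line
# stdout: one "ipfw add deny" command per /24, hosts listed in the {} set
# Lines that are not dotted quads with octets 0-255 are skipped, and
# duplicate hosts are listed once. Networks keep their first-seen order.
ipfw2_set_rules() {
    awk -F. -v q="'" '
        NF != 4 { next }
        {
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i + 0 > 255) next
            net  = ($1 + 0) "." ($2 + 0) "." ($3 + 0)
            host = $4 + 0
            if (seen[net, host]++) next          # duplicate host
            if (net in hosts) {
                hosts[net] = hosts[net] "," host
            } else {
                order[++n] = net                 # first host in this /24
                hosts[net] = host
            }
        }
        END {
            for (i = 1; i <= n; i++)
                printf "ipfw add deny ip from %s%s.0/24{%s}%s to any\n",
                       q, order[i], hosts[order[i]], q
        }'
}

# Constructed sample input: networks taken from the thread, host numbers
# partly invented, plus one duplicate and two invalid lines.
ipfw2_set_rules <<'EOF'
209.102.202.131
209.102.202.132
65.194.51.7
209.102.202.131
not-an-ip
209.102.202.300
209.102.202.157
EOF
```

The printed commands need a kernel and ipfw binary built with IPFW2, as discussed in the thread.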