basic rule request - allow_all/block_bad
fbsdmail at dnswatch.com
Wed Jan 21 05:08:42 PST 2009
Greetings Miroslav, and thank you for your reply...
On Sun, January 18, 2009 11:28 am, Miroslav Lachman wrote:
> infos at dnswatch.com wrote:
>
>> Greetings,
>> I know very little about creating an initial pf.conf.
>> I know /very/ /much/ that I want/need PF, and will need a fair amount
>> of time to "tune" pf to work optimally for each server. BUT, in an effort
>> to get started, I'm hoping that some kind soul will provide me with a
>> very basic pf.conf that will not interrupt the current
>> application/server block policies I already have in place - which is to
>> say; I currently block at the application/server, but hope to merge
>> (transfer) them to PF. So, can anyone share a pf.conf that will
>> allow all, but block ALL_EVIL_IP requests on ALL ports? In other words,
>> if I only wanted to block (drop) ALL traffic coming from a /single/ IP
>> address. How would I do it? I have one (active) NIC in each of my
>> servers, and there are anywhere from 3 to 12 IP's aliased to them above
>> and beyond the IP assigned to the host itself. All addresses are fully
>> qualified, internet route-able addresses (no internal/private IP's).
>>
>
> If you really need to block one IP, you can use the following simple ruleset:
>
>
> block in quick from 10.20.30.40 to any
> pass all
>
> If you need to block more than one address, or you need easy
> manipulation of a list of addresses, you can use tables in the ruleset:
>
> table <badguys> persist file "/etc/pf.badguys.table"
> block in quick from <badguys> to any
> pass all
>
>
> You can put IPs into the persistent file /etc/pf.badguys.table; these IPs
> will be loaded at boot time. You can add / remove an address on the fly with
> the pfctl command:
>
> pfctl -t badguys -T add 10.11.12.13
> pfctl -t badguys -T delete 10.11.12.13
Thank you. That's perfect!
I seem to be stumped on one last issue;
All the information, and all the pf.conf files, provide for 2 interfaces -
INT_IF and EXT_IF.
Assuming a single NIC (ethernet adapter), only Internet routable
IP addresses, and lo0 (loopback), how would I define/use the 2 IFs?
Dummynet, maybe?
Thank you again for your thoughtful reply.
--Chris
>
> Miroslav Lachman
>
>
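As an added worked example (not from the thread and not Miroslav's or Chris's code), here is a complete single-interface pf.conf built from the table ruleset quoted above, together with the pfctl commands that manage the table. The two-interface sample configs are written for routers; $int_if and $ext_if in them are only macros, so on a single-NIC server you define one macro for the NIC and tell pf to skip lo0. The aliased public IPs all sit on that same interface, so a rule written `on $ext_if` already covers every one of them. Dummynet is ipfw's traffic shaper and plays no part here. The interface name em0, the table file /etc/pf.badguys.table and the config path /etc/pf.conf are assumptions; substitute your own.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread.
# Assumptions: the one physical NIC is em0, the block list lives in
# /etc/pf.badguys.table, and the ruleset is installed as /etc/pf.conf.

# Print a complete single-interface ruleset for the given interface name.
gen_pf_conf() {
    ext_if="$1"
    cat <<EOF
# One physical interface, so one macro. There is no int_if on this host;
# every aliased public address is on \$ext_if, so rules on it cover them all.
ext_if = "$ext_if"

# Never filter loopback traffic.
set skip on lo0

# Addresses to drop. 'persist' keeps the table alive even if no rule refers
# to it; 'file' preloads it at boot, one address or CIDR per line.
table <badguys> persist file "/etc/pf.badguys.table"

# Silently drop anything from the table on every port. 'quick' means the
# first match wins and no later rule is consulted.
block drop in quick on \$ext_if from <badguys> to any

# Everything else keeps flowing exactly as it did before pf was enabled,
# so the existing application-level blocks are not disturbed.
pass all
EOF
}

# Write the ruleset, syntax-check it, then load it. pfctl -nf only parses,
# so a typo is caught before anything is loaded and cannot lock you out.
# Returns 1 when pfctl is not available (e.g. on a non-pf host).
install_ruleset() {
    ext_if="$1"
    conf="${2:-/etc/pf.conf}"
    command -v pfctl >/dev/null 2>&1 || return 1
    gen_pf_conf "$ext_if" > "$conf" || return 1
    pfctl -nf "$conf" && pfctl -f "$conf"
}

# Manage the in-kernel table on the fly, no ruleset reload needed.
block_ip()     { pfctl -t badguys -T add "$1"; }
unblock_ip()   { pfctl -t badguys -T delete "$1"; }
show_blocked() { pfctl -t badguys -T show; }

# Run directly to print the ruleset for em0 (or the interface given as $1).
gen_pf_conf "${1:-em0}"
```

On FreeBSD, set `pf_enable="YES"` in /etc/rc.conf so pf starts at boot and loads /etc/pf.conf. Note that `pfctl -T add` changes only the table in the kernel: an address added that way is gone after a reboot unless you also append it to /etc/pf.badguys.table, which is what the `file` keyword reads at load time.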