AW: How to block IP range
Spenst, Aleksej
Aleksej.Spenst at harman.com
Mon Oct 27 16:45:44 UTC 2014
Hi Cris, Gary,
Thank you!
Will this generate 100 separate rules or just one rule?
If only one rule, how the number of IP addresses in the range influences the performance of pf?
> sh -c 'for ip in `jot 100 1 100`; do echo 10.0.0.$ip >> /etc/pf/blocked_hosts.table; done'
is it a typo? I got the error: "sh: jot: cannot execute - No such file or directory"
Thanks,
Aleksej.
-----Ursprüngliche Nachricht-----
Von: Cristiano Deana [mailto:cristiano.deana at gmail.com]
Gesendet: Montag, 27. Oktober 2014 17:31
An: Gary Palmer
Cc: Spenst, Aleksej; freebsd-pf at freebsd.org
Betreff: Re: How to block IP range
On Mon, Oct 27, 2014 at 5:24 PM, Gary Palmer <gpalmer at freebsd.org> wrote:
Hi
>> For example, I need to block only 100 IPs in the range:
>> 10.0.0.1-10.0.0.100
> tables?
>
> you can do things like
>
> table <blocked_hosts> persist file "/etc/pf/blocked_hosts.table"
> block in quick log on $ext_if_ipv4 from <blocked_hosts> to any
I'm adding the fast way to build the file:
sh -c 'for ip in `jot 100 1 100`; do echo 10.0.0.$ip >> /etc/pf/blocked_hosts.table; done'
--
Cris, member of G.U.F.I
Italian FreeBSD User Group
http://www.gufi.org/
More information about the freebsd-pf
mailing list