Block IP

Cordula's Web cpghost at cordula.ws
Tue Nov 25 16:59:40 PST 2003


> Can I block a certain IP address at the machine or interface level using
> FreeBSD? (Not at the Apache or Sendmail level).

Quick and dirty fix:

# route add 1.2.3.4 127.0.0.1

All ACKs to 1.2.3.4 would not be able to reach their destination,
and no TCP connections could be established this way. Moreover,
no UDP or ICMP packets would reach the blocked IP address.

You can also block a whole subnet this way.

The real solution is to enable a firewall at the interface
level, or perhaps even add an ACL on your router (if you control
your upstream router).

-- 
Cordula's Web. http://www.cordula.ws/
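
Added example, not part of the original message: a dry-run shell helper that validates a host or subnet and prints the loopback route from the post next to firewall rules of the kind it recommends instead. ipfw is assumed as the firewall (the post names none); the function names and the 192.0.2.0/24 sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (dry run): prints FreeBSD commands, executes nothing.
# Input is validated strictly because the output is meant for a root shell.

# valid_ipv4 ADDR: succeed only for a strict dotted quad (octets 0-255,
# no leading zeros, which some parsers read as octal).
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# block_cmds TARGET: TARGET is a host (a.b.c.d) or a subnet (a.b.c.d/len).
block_cmds() {
    target=$1
    case "$target" in
        */*) addr=${target%/*}; len=${target#*/}
             case "$len" in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
             [ "$len" -le 32 ] || return 1
             kind=-net ;;
        *)   addr=$target; kind=-host ;;
    esac
    valid_ipv4 "$addr" || return 1
    # Quick fix from the post: only packets leaving this host for TARGET
    # are diverted to loopback; inbound packets from TARGET still arrive.
    echo "route add $kind $target 127.0.0.1"
    # Firewall alternative (ipfw assumed): drop traffic in both directions.
    echo "ipfw add deny ip from $target to any"
    echo "ipfw add deny ip from any to $target"
}

block_cmds 1.2.3.4          # address used in the post
block_cmds 192.0.2.0/24     # constructed sample subnet (documentation range)
```

The ipfw lines assume ipfw is already enabled and that the new rules are evaluated before any rule that would allow the traffic.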



More information about the freebsd-questions mailing list