How to add rule with pfctl...

Agus agus.262 at gmail.com
Mon Sep 17 07:05:11 PDT 2007


2007/9/15, Mel <fbsd.questions at rachie.is-a-geek.net>:
>
> On Saturday 15 September 2007 23:18:17 Agus wrote:
>
> > I am trying to figure out how to add a firewall rule with pfctl...
> > This is what I'm trying to do...
> >
> > I've got SEC that matches a certain pattern and takes the IP from that, and I
> > want to trigger a firewall rule to block that IP....
> > Then after a couple of hours SEC will trigger the command to un-block the
> > IP...
> > So what I need is the command to block an IP address from the command line,
> > not touching any pf.conf....
>
> If you don't need to add a rule but an IP, then tables are your friend.
> Example for /etc/pf.conf:
> # Placeholder for spammers table, non-routable network IP.
> table <spammers> persist { 192.168.111.111 }
> # Block this traffic
> block return-rst in log on $ext_if proto tcp from <spammers> port smtp
>
> Then on the command line:
> /sbin/pfctl -t spammers -Tadd ip.from.new.spammer
> And to delete:
> /sbin/pfctl -t spammers -Tdel ip.from.old.spammer
>
> --
> Mel


Great... Thanks Mel, this was what I was looking for... although not for spammers
but for ssh brute-force attacks detected by SEC....

Very nice...
See ya

PS: Question... Is there a log where I can look if pf is down, so I can check
with SEC...?

thanks
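Mel's table approach, written up as the small script that an SEC action would call. This is an added example, not code from the thread and not part of pf or SEC; the table name "bruteforce", the block rule in the header comment, the script name pf_ban.sh and the PFCTL/TABLE environment overrides are all assumptions made for the example. The point it adds to the thread is input validation: SEC hands the script a string pulled out of an sshd log line, and sshd logs attacker-controlled text, so the script only accepts a plain IPv4 address before passing anything to pfctl.

```shell
#!/bin/sh
# pf_ban.sh: add or remove one IPv4 address from a pf table from the command
# line, for example from SEC's shellcmd action. Added example, not code from
# the thread. It assumes /etc/pf.conf already declares the table and a rule
# that uses it (the table name "bruteforce" and the rule are assumptions):
#
#   table <bruteforce> persist
#   block in quick log on $ext_if proto tcp from <bruteforce> to any port ssh
#
# "persist" keeps the table alive while it is empty, so the rule set loads
# before SEC has added anything and the table survives a flush.

PFCTL="${PFCTL:-/sbin/pfctl}"     # assumption: override for testing
TABLE="${TABLE:-bruteforce}"      # assumption: table name in pf.conf

# Accept only a dotted-quad IPv4 address with octets 0-255. Anything else
# (hostnames, "1.2.3.4; reboot", IPv6, too few or too many octets) is
# rejected rather than handed to pfctl. Runs in a subshell so the IFS and
# positional-parameter changes do not leak into the caller.
is_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
    exit 0
)

# Add or delete one address. Both actions are idempotent on the pf side
# (adding an address already present, or deleting one that is absent, still
# exits 0), so repeated triggers from SEC are harmless; -q drops the
# "1/1 addresses added." chatter.
pf_table() {
    action=$1
    ip=$2
    case "$action" in
        add|delete) ;;
        *) echo "usage: pf_ban.sh add|delete <ipv4-address>" >&2; return 2 ;;
    esac
    is_ipv4 "$ip" || { echo "refusing non-IPv4 argument: $ip" >&2; return 2; }
    "$PFCTL" -q -t "$TABLE" -T "$action" "$ip"
}

# An address sitting in a table of a disabled pf blocks nothing, so check the
# state before trusting a ban. "pfctl -s info" reports it on its first line.
pf_enabled() {
    "$PFCTL" -s info | grep -q '^Status: Enabled'
}

# Alternative to SEC issuing the delete later: drop entries that were added
# (or had their statistics zeroed) more than N seconds ago. Assumes a pfctl
# that supports "-T expire"; run it from cron, e.g. every few minutes.
pf_expire() {
    "$PFCTL" -q -t "$TABLE" -T expire "$1"
}

if [ $# -gt 0 ]; then
    pf_enabled || echo "warning: pf is not enabled, table changes block nothing" >&2
    pf_table "$@"
fi
```

With the script installed, the SEC rule that matches the sshd failure line can use an action such as `shellcmd /usr/local/sbin/pf_ban.sh add $1` (where `$1` is the address captured by the rule's pattern) and a delayed `shellcmd /usr/local/sbin/pf_ban.sh delete $1` a couple of hours later, or skip the delete and let a cron job call `pf_expire 7200`. `pfctl -t bruteforce -T show` lists what is currently banned.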

