IPFW firewall and TCP ports

Carmel carmel_ny at hotmail.com
Wed Sep 29 12:16:51 UTC 2010

While perusing my Apache httpd-error.log, I noticed a large number of
attempts to access my phpmyadmin directory, as well as a few less know
others. Most of these probes originated from China. Since I have no
legitimate business dealing with that region, I decided to create a
table in my IPFW firewall to block them. This is an example:

## IPFW Firewall Rules

# Set rules command prefix
cmd="ipfw -q add"

# public interface name of NIC facing the public Internet

# Lets start by listing known bad IP addresses and blocking them. We
# will put them into a table for easier handling.

ipfw -q table 1 add
ipfw -q table 1 add

$cmd set 1 deny log all from table\(1\) to any in via $pif

The above is the first entry in my "rules" file. I know that IPFW is
working since I have blocked other ports for other services and it has
worked correctly.

The problem is that these IPs are not being blocked. I continue to see
them listed in the httpd-error.log. I have rebooted my machine and
therefore am quite certain that these rules are being loaded.

The problem is that I probably do not understand how to properly block
an IP or range of IPs from accessing my web server correctly. I would
really appreciate any assistance.

Carmel ✌
carmel_ny at hotmail.com

More information about the freebsd-questions mailing list