Simplest way to deny access to a class C

Nathan Vidican nathan at
Thu Mar 3 17:13:00 UTC 2011

Since you currently have NO firewall, then I would say the simplest method
would be to turn one on, and create an open ruleset allowing all traffic,
then add a filter rule to just block out what you do not want. However,
having said this is the simplest way - it is not the best or even a really
good way. Firewall should be inclusive; designed to only allow what you DO
want and ignore/drop everything else. Please see: for
a good explanation and overview. Some firewalls can be used as modules with
the generic kernel, some will require you to compile a custom kernel - again
there are advantages/disadvantages to either approach. Personally I use IPFW
for simple stuff, and PF when it gets more complex, but that's just me.

On Thu, Mar 3, 2011 at 11:59 AM, Jorge Biquez <jbiquez at>wrote:

> Hello all.
> I am sorry in advance if this question sounds too stupid.
> I have a small server for personal use of webpages running:
> it is working fine , no problem very stable.
> I just need to block some IP class C address that are always trying to
> "discover" directories or applications under the web server. They do not do
> and can not do anything since this server has nothing installed but i am
> tired of seeing in the logs all the intents they do every 2-3 seconds.
> I have not installed any kind of firewall yet.
> What do you think is the best way to accomplish this task? If possible the
> easiest one. I do not want to do anything else but just bloc IP's, at this
> moment at least.
> Thanks in advance.
> Jorge Biquez
> _______________________________________________
> freebsd-questions at mailing list
> To unsubscribe, send any mail to "
> freebsd-questions-unsubscribe at"

Nathan Vidican
nathan at
(519) 962-9987 (Canada)
(313) 586-1982 (USA)

More information about the freebsd-questions mailing list