PF and tables for disabling network

Fleuriot Damien ml at my.gd
Fri Nov 23 14:59:00 UTC 2012


On Nov 23, 2012, at 3:46 PM, David Demelier <demelier.david at gmail.com> wrote:

> Hello,
> 
> I would like to disable the network traffic for specific IPs. For the
> moment I just add to my pf.conf a rule that will block everything for a
> specified table, like this:
> 
> table <closed>
> 
> [...] other rules [...]
> 
> block from <closed>
> 
> Then I just need to add my IP using pfctl. It will work, no packet can be
> sent / received to the machine, however if that machine had some active
> connections, these won't be closed and they can still use them (an SSH
> client, game, ...)
> 
> How can I disable everything then?
> 
> Cheers
> 
> -- 
> Demelier David


First, you might want to use "block in quick on $externalif inet from <closed>" , to have:
- a quick rule, which stops ruleset evaluation immediately
- a more specific rule, which applies only to your WAN interface's inbound traffic

Be careful with the quick keyword, it's going to match packets immediately and entirely block these IPs.


Then, if you want to kill the active connections from people in the <closed> table, you might want to "script" a bit, like:

for i in $(pfctl -t closed -T show)
do
    # -k and -K each take their own argument, so pass them separately:
    # -k kills the states originating from this host, -K drops its source-tracking entries
    pfctl -k "$i"
    pfctl -K "$i"
done



Would that do the trick for you?
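A small wrapper around the approach in the reply above, added here as an example and not part of the original thread: it adds an address to the <closed> table and then kills its established states in both directions, because a single `pfctl -k host` only matches states whose source is that host. The table name, the PFCTL variable (defaulting to a dry-run function that prints the pfctl command lines, so the logic can be checked on a machine without pf) and the sample addresses are assumptions.

```sh
#!/bin/sh
# Added example, not from the original thread. Blocks an address with the
# <closed> table and tears down its live states. PFCTL defaults to dry_run,
# which prints the pfctl command that would be executed; set PFCTL=pfctl
# (as root) to actually apply the changes.
dry_run() { printf 'pfctl %s\n' "$*"; }
PFCTL="${PFCTL:-dry_run}"
TABLE="closed"   # assumed table name, matches the pf.conf in the question

# Kill every state involving one address: states it originated (-k host),
# states where it is the destination (-k any -k host), and its
# source-tracking entries (-K host).
kill_states_for() {
    host="$1"
    case "$host" in
        *:*) any="::/0" ;;        # IPv6 address
        *)   any="0.0.0.0/0" ;;   # IPv4 address
    esac
    "$PFCTL" -k "$host"
    "$PFCTL" -k "$any" -k "$host"
    "$PFCTL" -K "$host"
}

# Add the address to the table, then drop its existing connections.
close_host() {
    "$PFCTL" -t "$TABLE" -T add "$1"
    kill_states_for "$1"
}

# Tear down states for every address read from stdin, one per line, e.g.
#   pfctl -t closed -T show | kill_listed
# (read strips the leading spaces that "pfctl -T show" prints).
kill_listed() {
    while read -r addr; do
        [ -n "$addr" ] && kill_states_for "$addr"
    done
}
```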



More information about the freebsd-questions mailing list