PF and tables for disabling network

David Demelier demelier.david at gmail.com
Sat Nov 24 16:06:20 UTC 2012


On 23/11/2012 15:58, Fleuriot Damien wrote:
>
> On Nov 23, 2012, at 3:46 PM, David Demelier <demelier.david at gmail.com> wrote:
>
>> Hello,
>>
>> I would like to disable network traffic for specific IPs; for the
>> moment I just add to my pf.conf a rule that will block everything for a
>> specified table, like this:
>>
>> table <closed>
>>
>> [...] other rules [...]
>>
>> block from <closed>
>>
>> Then I just need to add my IP using pfctl; it works, no packet can be
>> sent to / received from the machine. However, if that machine had some active
>> connections, these won't be closed and they can still use them (an SSH
>> client, game, ...)
>>
>> How can I disable everything then?
>>
>> Cheers
>>
>> --
>> Demelier David
>
>
> First, you might want to use "block in quick on $externalif inet from <closed>" , to have:
> - a quick rule, which stops ruleset evaluation immediately
> - a more specific rule, which applies only to your WAN interface's inbound traffic
>
> Be careful with the quick keyword, it's going to match packets immediately and entirely block these IPs.
>
>
> Then, if you want to kill the active connections from people in the <closed> table, you might want to "script" a bit, like:
>
> for i in $(pfctl -t closed -T show)
> do
>     pfctl -k "$i"              # states originating from the host
>     pfctl -k 0.0.0.0/0 -k "$i" # states terminating at the host
>     pfctl -K "$i"              # and its source-tracking entries, if any
> done
>
>
>
> Would that do the trick for you?
>

Thank you, that works very well :)

Cheers,


-- 
David Demelier
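The procedure discussed in the thread (add the address to the table, then kill the states it already holds in both directions), written up as a complete script. This is an added example, not code from the thread or from FreeBSD's pf; the table name `closed`, the `PFCTL` override used for dry runs, the `is_ipv4` guard and the pf.conf lines in the header comment are all assumptions made here. It goes a little beyond the thread by validating what it feeds to pfctl, since a table listing can also contain negated entries or networks, and by handling the "kill everything already in the table" case as well as the single-host case.

```sh
#!/bin/sh
# Added example (not code from the thread): put an address into pf's <closed>
# table and tear down the states it already holds, so an existing SSH session
# or game connection dies instead of riding out the block. It assumes a
# ruleset containing
#     table <closed> persist
#     block in  quick on $ext_if inet from <closed>
#     block out quick on $ext_if inet to   <closed>
# Usage: sh close.sh 192.0.2.10 [...]     (PFCTL=echo for a dry run)

PFCTL=${PFCTL:-pfctl}
TABLE=${TABLE:-closed}

# Accept only a dotted-quad IPv4 address with an optional /0-32 prefix, so a
# stray token from a table listing never reaches pfctl as an argument.
# Runs in a subshell so the IFS change does not leak out.
is_ipv4() (
    addr=${1%/*}
    case ${1#"$addr"} in
        '' | /[0-9] | /[12][0-9] | /3[0-2]) ;;
        *) return 1 ;;
    esac
    case $addr in
        *. | .* | *..* | *[!0-9.]*) return 1 ;;
    esac
    IFS=.
    set -- $addr
    [ $# -eq 4 ] || return 1
    for octet; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
)

# Remove every state involving $1. "pfctl -k HOST" matches states by source;
# "pfctl -k 0.0.0.0/0 -k HOST" matches states by destination (the pfctl(8)
# example for killing states to a host); -K drops the host's source-tracking
# entries, which only exist if some rule uses source-track or sticky-address.
kill_states() {
    "$PFCTL" -k "$1"
    "$PFCTL" -k 0.0.0.0/0 -k "$1"
    "$PFCTL" -K "$1"
}

# Read table entries one per line, as "pfctl -t TABLE -T show" prints them,
# and kill states for each; negated or malformed entries are skipped.
kill_listed() {
    while read -r entry; do
        if is_ipv4 "$entry"; then
            kill_states "$entry"
        else
            echo "kill_listed: skipping table entry '$entry'" >&2
        fi
    done
}

# Block one host: add it to the table, then kill what it already has open.
close_host() {
    is_ipv4 "$1" || { echo "close_host: not an IPv4 address: $1" >&2; return 2; }
    "$PFCTL" -t "$TABLE" -T add "$1" || return 1
    kill_states "$1"
}

# Kill states for everything currently in the table (the loop from the thread).
close_all() {
    "$PFCTL" -t "$TABLE" -T show | kill_listed
}

if [ $# -gt 0 ]; then
    for h; do close_host "$h"; done
fi
```

Run it with `PFCTL=echo` first to see the exact pfctl invocations it would issue; `close_all` is the equivalent of the thread's loop for a table that was loaded from a file rather than through `close_host`.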

