Quickly ban an IP IPFW?

Polytropon freebsd at edvax.de
Tue Feb 11 12:10:24 UTC 2020


On Mon, 10 Feb 2020 10:03:44 +0300, Andreas X wrote:
> I have IPFW enabled like follows:
> 
> firewall_enable="YES"
> firewall_quiet="YES"
> firewall_type="workstation"
> firewall_logdeny="NO"
> firewall_allowservices="any"
> firewall_myservices="53/tcp 53/udp 10025/tcp 10024/tcp 25/tcp 993/tcp
> 995/tcp 465/tcp 587/tcp 5665/tcp 80/tcp 443/tcp 2053/tcp 3306/tcp"
> 
> (No rules file, the ones above suit my needs perfectly)
> 
> How to quickly (and permanently) ban an IP using IPFW without having any
> log?
> 
> There's an IP address scanning almost all my services 24/7, would like to
> permanently ban.

You could probably do this with a manual entry in /etc/rc.local:

	#!/bin/sh
	/sbin/ipfw add deny tcp from <IP> to any in

If you do not add the "log" keyword, the denied (dropped) packets
will not be logged. If you see more than TCP packets, use "all"
instead of "tcp" in the rule.


-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
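
The rule from the reply above, generated for a list of addresses with each entry validated before it reaches the ipfw command line; this is an added example, not part of the original message or of FreeBSD's own scripts. The address list is constructed sample data and IPFW_BAN_APPLY is a variable name made up for this example; the script only prints the commands unless that variable is set to 1.

```sh
#!/bin/sh
# Added example, not from the original message: emit the reply's deny rule
# (no "log" keyword) for each address in a list, validating entries first.
# BANNED is constructed sample data (RFC 5737 documentation addresses).
BANNED="192.0.2.15 203.0.113.7 198.51.100.300 not-an-ip"

# valid_ipv4 ADDR: succeed only for four dot-separated octets in 0..255
# without leading zeros, so nothing but an address reaches the ipfw line.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ban_rule ADDR [PROTO]: print the ipfw command for one address. PROTO is
# "tcp" (default, as in the reply) or "all". Fails and prints nothing on bad input.
ban_rule() {
    proto=${2:-tcp}
    case "$proto" in tcp|all) ;; *) return 1 ;; esac
    valid_ipv4 "$1" || return 1
    echo "/sbin/ipfw add deny $proto from $1 to any in"
}

# Dry run unless IPFW_BAN_APPLY=1 (a variable name assumed for this example);
# with it set, the rules are executed, e.g. when called from /etc/rc.local.
for addr in $BANNED; do
    if rule=$(ban_rule "$addr"); then
        if [ "${IPFW_BAN_APPLY:-0}" = 1 ]; then $rule; else echo "$rule"; fi
    else
        echo "skipping invalid entry: $addr" >&2
    fi
done
```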


More information about the freebsd-questions mailing list