Blacklist IP file for IPFW?
Tim Daneliuk
tundra at tundraware.com
Mon Feb 17 14:51:13 UTC 2020
On 2/17/20 8:36 AM, Andreas X wrote:
<SNIP>
> The list dramatically grows each week. How may I create a text file so that
> IPFW would fetch these IPs from there directly? What's the simplest way to
> do this please?
Looping through a file and running an ipfw command each time gets super slow as
the list gets long. ipfw tables are the better way to do this:

    FWCMD="ipfw -q"   # Firewall command
    OIF=em0           # NIC to outside world

    # Address spaces we want blocked entirely are listed in this file
    NAUGHTYFILE=/usr/local/etc/firewall/naughtyIPs

    # Use ipfw tables for efficiency
    ipfw table 10 flush
    for addr in `cat ${NAUGHTYFILE}`
    do
        ${FWCMD} table 10 add ${addr}
    done

    ${FWCMD} add deny all from table\(10\) to any via ${OIF}

The "naughty" file can have specific IPs or CIDR blocks in it, one
per line:

    95.87.0.0/18
    95.87.192.0/18
    96.246.220.34
    96.30.64.0/18
    98.143.148.107

HTH,
----------------------------------------------------------------------------
Tim Daneliuk tundra at tundraware.com
PGP Key: http://www.tundraware.com/PGP/
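
Added example, not part of the original post: the loop above passes every word of the blocklist file to ipfw as root, so a pre-filter that admits only well-formed IPv4 addresses or CIDR blocks keeps comments, typos and stray shell metacharacters out of the table. The function names valid_entry and clean_blocklist are hypothetical and the sample input is constructed.

```sh
#!/bin/sh
# Added example (not from the original post): filter a blocklist before it
# reaches ipfw. Function names are hypothetical; sample data is constructed.

# valid_entry ENTRY -> exit 0 only for dotted-quad IPv4, optional /0-32 prefix
valid_entry() {
    addr=${1%%/*}
    case $1 in
        */*) len=${1#*/} ;;
        *)   len=32 ;;
    esac
    case $len in ''|*[!0-9]*) return 1 ;; esac       # prefix: digits only
    [ "${#len}" -le 2 ] && [ "$len" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs    # split into octets
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*) return 1 ;; esac   # leading zero: octal in some parsers
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# clean_blocklist: stdin -> validated, de-duplicated entries on stdout;
# rejected lines are reported on stderr so a bad feed is noticed.
clean_blocklist() {
    while read -r entry rest || [ -n "$entry" ]; do
        case $entry in ''|'#'*) continue ;; esac     # blank line or comment
        case $rest in '#'*) rest= ;; esac            # trailing comment
        if [ -z "$rest" ] && valid_entry "$entry"; then
            printf '%s\n' "$entry"
        else
            printf 'skipped: %s\n' "$entry${rest:+ $rest}" >&2
        fi
    done | LC_ALL=C sort -u
}

# Demo on constructed input
clean_blocklist <<'EOF'
# constructed sample
95.87.0.0/18
96.246.220.34   # seen twice
96.246.220.34
10.0.0.0/33
999.1.1.1
1.2.3.4;id
*
EOF
```

With these functions defined in the firewall script, the `cat ${NAUGHTYFILE}` in the loop above can be replaced by `clean_blocklist < ${NAUGHTYFILE}`.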