Blacklist IP file for IPFW?
Andreas X
hamdi20193d at gmail.com
Mon Feb 17 15:27:46 UTC 2020
Great answer! Thank you so much, Tim!
That's what I wanted to do.
Last question: Would /etc/rc.local be the best choice to run these (at
startup)? Or do you perhaps have another startup file as a suggestion?
Thank you once again,
Tim Daneliuk <tundra at tundraware.com> wrote on Mon, 17 Feb 2020 at 17:51:
> On 2/17/20 8:36 AM, Andreas X wrote:
> <SNIP>
>
> > The list dramatically grows each week. How may I create a text file so that
> > IPFW would fetch these IPs from there directly? What's the simplest way to
> > do this please?
>
>
> Looping through a file and running an ipfw command each time gets super slow as
> the list gets long. ipfw tables are the better way to do this:
>
> FWCMD="ipfw -q" # Firewall command
> OIF=em0 # NIC to outside world
>
> # Address spaces we want blocked entirely are listed in this file
> NAUGHTYFILE=/usr/local/etc/firewall/naughtyIPs
>
> # Use ipfw tables for efficiency
>
> ipfw table 10 flush
> for addr in `cat ${NAUGHTYFILE}`
> do
> ${FWCMD} table 10 add ${addr}
> done
>
> ${FWCMD} add deny all from table\(10\) to any via ${OIF}
>
> The "naughty" file can have specific IPs or CIDR blocks in it, one
> per line:
>
> 95.87.0.0/18
> 95.87.192.0/18
> 96.246.220.34
> 96.30.64.0/18
> 98.143.148.107
>
> HTH,
>
> ----------------------------------------------------------------------------
> Tim Daneliuk tundra at tundraware.com
> PGP Key: http://www.tundraware.com/PGP/
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
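
An added example, not part of the original thread or of either poster's scripts: a POSIX sh filter that checks each line of the blocklist file before it reaches the "ipfw table 10 add" loop shown in the quoted reply, so comments, duplicates and malformed entries never reach the firewall. The function names, the "#" comment convention and the sample entries are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the thread): validate blocklist entries before
# they are handed to "ipfw table 10 add".

# valid_entries FILE
# Prints each well-formed IPv4 address or CIDR block in FILE once on stdout.
# Blank lines and "#" comments are skipped (assumed file convention);
# anything else is reported on stderr and dropped.
valid_entries() {
    awk '
    {
        sub(/#.*/, "")            # strip trailing comments
        sub(/^[ \t]+/, "")        # trim leading whitespace
        sub(/[ \t\r]+$/, "")      # trim trailing whitespace and CR
        if ($0 == "") next
        if (!ok($0)) {
            printf "line %d rejected: %s\n", NR, $0 > "/dev/stderr"
            next
        }
        if (!seen[$0]++) print    # drop duplicates
    }
    function ok(s,    parts, n, o, i) {
        n = split(s, parts, "/")
        if (n > 2) return 0
        if (n == 2 && (parts[2] !~ /^[0-9]+$/ || length(parts[2]) > 2 || parts[2] + 0 > 32))
            return 0
        if (split(parts[1], o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) return 0
        return 1
    }' "$1"
}

# Constructed sample input (not from the thread), written to a temp file.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' '# scanners' '95.87.0.0/18' '96.246.220.34  # ssh' \
        '96.246.220.34' '300.1.1.1' '10.0.0.0/33' 'example.com' > "$f"
    valid_entries "$f" 2>/dev/null
    rm -f "$f"
}

# Usage with the table number and path from the quoted script:
#   valid_entries /usr/local/etc/firewall/naughtyIPs |
#   while read -r addr; do ipfw -q table 10 add "$addr"; done
```

Reading the validated output with "while read -r" also avoids the word splitting and filename globbing that the backtick "cat" loop applies to each line.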