Blacklist IP file for IPFW?
Andreas X
hamdi20193d at gmail.com
Mon Feb 17 15:55:09 UTC 2020
Dear Tim,
I applied your suggestion, however it seems IPFW doesn't ban the IP
addresses in the list. (I've added a useless VPS IP of mine in the list, to
test it, but I could still ping the server from that IP)
Here's my script as per your suggestion:
#!/bin/sh
FWCMD="ipfw -q"
LISTX=/usr/local/etc/fw/banlist.txt
ipfw table 10 create
ipfw table 10 flush
for addr in `cat ${LISTX}`
do
${FWCMD} table 10 add ${addr}
done
${FWCMD} add deny all from table\(10\) to any
And ipfw show | grep "table" command outputs:
"65500 0 0 deny ip from table(10) to any" so it seems the IPs are
added. But none of them are blocked.
I restarted IPFW too, and re-run the script again, no solution.
Any idea?
Thank you.
Tim Daneliuk <tundra at tundraware.com>, 17 Şub 2020 Pzt, 17:51 tarihinde şunu
yazdı:
> On 2/17/20 8:36 AM, Andreas X wrote:
> <SNIP>
>
> > The list dramatically grows each week. How may I create a text file so
> that
> > IPFW would fetch these IPs from there directly? What's the simplest way
> to
> > do this please?
>
>
> Looping through a file and running an ipfw command each time gets super
> slow as
> the list gets long. ipfw tables are the better way to do this:
>
> FWCMD="ipfw -q" # Firewall command
> OIF=em0 # NIC to outside world
>
> # Address spaces we want blocked entirely are listed in this file
> NAUGHTYFILE=/usr/local/etc/firewall/naughtyIPs
>
> # Use ipfw tables for efficiency
>
> ipfw table 10 flush
> for addr in `cat ${NAUGHTYFILE}`
> do
> ${FWCMD} table 10 add ${addr}
> done
>
> ${FWCMD} add deny all from table\(10\) to any via ${OIF}
>
> The "naughty" file can have specific IPs or CIDR blocks in it, one
> per line:
>
> 95.87.0.0/18
> 95.87.192.0/18
> 96.246.220.34
> 96.30.64.0/18
> 98.143.148.107
>
>
>
>
> HTH,
>
> ----------------------------------------------------------------------------
> Tim Daneliuk tundra at tundraware.com
> PGP Key: http://www.tundraware.com/PGP/
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
> freebsd-questions-unsubscribe at freebsd.org"
>
More information about the freebsd-questions
mailing list