Blacklist IP file for IPFW?

Andreas X hamdi20193d at gmail.com
Mon Feb 17 15:55:09 UTC 2020


Dear Tim,

I applied your suggestion, however it seems IPFW doesn't ban the IP
addresses in the list. (I've added a useless VPS IP of mine in the list, to
test it, but I could still ping the server from that IP)

Here's my script as per your suggestion:

#!/bin/sh
FWCMD="ipfw -q"

LISTX=/usr/local/etc/fw/banlist.txt

ipfw table 10 create
ipfw table 10 flush

for addr in `cat ${LISTX}`
  do
    ${FWCMD} table 10 add ${addr}
  done

${FWCMD} add deny all from table\(10\) to any


And ipfw show | grep "table" command outputs:
"65500   0     0 deny ip from table(10) to any" so it seems the IPs are
added. But none of them are blocked.

I restarted IPFW too, and re-ran the script again, no solution.

Any idea?

Thank you.


On Mon, 17 Feb 2020 at 17:51, Tim Daneliuk <tundra at tundraware.com> wrote:

> On 2/17/20 8:36 AM, Andreas X wrote:
> <SNIP>
>
> > The list dramatically grows each week. How may I create a text file so that
> > IPFW would fetch these IPs from there directly? What's the simplest way to
> > do this please?
>
>
> Looping through a file and running an ipfw command each time gets super slow as
> the list gets long.  ipfw tables are the better way to do this:
>
>   FWCMD="ipfw -q"   # Firewall command
>   OIF=em0           # NIC to outside world
>
>   # Address spaces we want blocked entirely are listed in this file
>   NAUGHTYFILE=/usr/local/etc/firewall/naughtyIPs
>
>   # Use ipfw tables for efficiency
>
>   ipfw table 10 flush
>   for addr in `cat ${NAUGHTYFILE}`
>   do
>     ${FWCMD} table 10 add ${addr}
>   done
>
>   ${FWCMD} add deny all from table\(10\) to any via ${OIF}
>
> The "naughty" file can have specific IPs or CIDR blocks in it, one
> per line:
>
>   95.87.0.0/18
>   95.87.192.0/18
>   96.246.220.34
>   96.30.64.0/18
>   98.143.148.107
>
>
>
>
> HTH,
>
> ----------------------------------------------------------------------------
> Tim Daneliuk     tundra at tundraware.com
> PGP Key:         http://www.tundraware.com/PGP/
>
>
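
Added example, not part of either message: ipfw evaluates rules in ascending number order and stops at the first match, so where the deny rule sits matters as much as what is in the table. The script below validates the ban list before loading it into table 10 and installs the deny rule at an explicit low number. Rule number 50 and the `--apply` switch are assumptions; the table number and list path are those of the script above.

```shell
#!/bin/sh
# Added example, not code from the thread. Table 10 and the list path are taken
# from the posted script; RULENUM=50 is an assumption: pick a number that is
# unused in your ruleset and lower than your first allow rule.
TABLE=10
RULENUM=50
LISTX=/usr/local/etc/fw/banlist.txt

# Succeeds only for a dotted-quad IPv4 address, optionally with a /0-/32 prefix.
is_ipv4_or_cidr() {
    addr=${1%/*}
    case $1 in
        */*) len=${1#*/}
             case $len in ''|*[!0-9]*) return 1 ;; esac
             [ "$len" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Print the usable entries of a ban list, one per line, without duplicates.
# Comments and blank lines are dropped; invalid entries are reported on stderr.
valid_entries() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" |
    while IFS= read -r e || [ -n "$e" ]; do
        [ -n "$e" ] || continue
        if is_ipv4_or_cidr "$e"; then echo "$e"
        else echo "skipping invalid entry: $e" >&2
        fi
    done | LC_ALL=C sort -u
}

# Reload the table, then (re)install the deny rule at a low, explicit number.
# ipfw stops at the first matching rule, so a deny appended at 65500 only sees
# packets that no lower-numbered rule has already accepted.
apply_banlist() {
    ipfw -q table "$TABLE" create 2>/dev/null || true   # table may already exist
    ipfw -q table "$TABLE" flush
    valid_entries "$LISTX" | while IFS= read -r e; do
        ipfw -q table "$TABLE" add "$e"
    done
    ipfw -q delete "$RULENUM" 2>/dev/null || true       # drop the old copy of the rule
    ipfw -q add "$RULENUM" deny all from "table($TABLE)" to any
}

if [ "${1:-}" = "--apply" ]; then apply_banlist; fi
```

`ipfw delete` removes every rule carrying the given number, so RULENUM must not be shared with any other rule in the ruleset.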

