Blacklist IP file for IPFW?

Tim Daneliuk tundra at tundraware.com
Mon Feb 17 22:43:33 UTC 2020


On 2/17/20 10:47 AM, Andreas X wrote:
> Hi again,
> 
> The rule:  "65500   0     0 deny ip from table(10) to any"  was almost the last rule and I suspected it, therefore I wanted to move the rule up, so I changed the command:
> 
> ${FWCMD} 00350 add deny all from table\(10\) to any
> 
> (adding rule number 00350), now ipfw successfully blocks the IPs in the table. 
> My question is, why didn't it block the IPs when it had rule number 65500? (It might be one of the last rules, but still, it has the "deny" command... shouldn't it do the job?)
> 
> Thank you.

I'm not sure, but you're using two different rules:

deny ip from table(10) to any

vs.

add deny all from table\(10\) to any


For sure, the first form is broken because you have to escape the parentheses.

Also, your 1st rule only blocks IP traffic, not ICMP like ping (I think, not sure).

Any ipfw experts care to weigh in on this?


-- 
----------------------------------------------------------------------------
Tim Daneliuk     tundra at tundraware.com
PGP Key:         http://www.tundraware.com/PGP/
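
Added example, not part of the original thread: ipfw checks rules in ascending rule-number order and stops at the first matching allow or deny, which this small Python model shows for the two placements discussed above. The table contents, the allow rule at 00400 and the default-deny rule 65535 are assumptions, since the thread does not show the rest of the ruleset.

```python
import ipaddress
import re

# Constructed sample data: contents of table 10 (documentation address ranges).
TABLES = {10: ["203.0.113.0/24", "198.51.100.7"]}

# Assumption: an earlier "allow" rule (00400) exists; the thread does not show it.
DENY_LAST = """
00400 allow ip from any to any
65500 deny ip from table(10) to any
"""
DENY_EARLY = """
00350 deny all from table(10) to any
00400 allow ip from any to any
"""

RULE_RE = re.compile(r"^(\d+)\s+(allow|deny)\s+(?:ip|all)\s+from\s+(\S+)\s+to\s+any$")

def parse_rules(text):
    """Parse the simplified 'NNNNN action ip from SRC to any' rule lines."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        rules.append((int(m.group(1)), m.group(2), m.group(3)))
    # Rules are evaluated in ascending rule-number order (stable for equal numbers).
    return sorted(rules, key=lambda r: r[0])

def src_matches(spec, addr):
    """True if addr matches 'any', a table(N) lookup, or a literal address/CIDR."""
    if spec == "any":
        return True
    t = re.fullmatch(r"table\((\d+)\)", spec)
    nets = TABLES.get(int(t.group(1)), []) if t else [spec]
    return any(addr in ipaddress.ip_network(n) for n in nets)

def evaluate(rules, src):
    """Return (rule_number, action) of the first rule matching the source address."""
    addr = ipaddress.ip_address(src)
    for number, action, spec in rules:
        if src_matches(spec, addr):
            return number, action  # allow/deny end the search at the first match
    return 65535, "deny"  # assumption: the default rule 65535 is deny

if __name__ == "__main__":
    for name, text in (("deny at 65500", DENY_LAST), ("deny at 00350", DENY_EARLY)):
        print(name, evaluate(parse_rules(text), "203.0.113.9"))
```

On a live system, the packet counters in the `ipfw show` output (the two zero columns in the quoted 65500 rule) indicate whether a rule is ever reached.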


