Blacklist IP file for IPFW?

Trond Endrestøl trond.endrestol at ximalas.info
Tue Feb 18 07:34:50 UTC 2020


On Mon, 17 Feb 2020 16:42-0600, Tim Daneliuk wrote:

> On 2/17/20 10:47 AM, Andreas X wrote:
> > Hi again,
> > 
> > The rule:  "65500   0     0 deny ip from table(10) to any"  was almost the last rule and I suspected it, therefore I wanted to move the rule higher up and changed the command:
> > 
> > ${FWCMD} 00350 add deny all from table\(10\) to any
> > 
> > (adding rule number 00350), now ipfw successfully blocks the IPs in the table. 
> > My question is, why didn't it block the IPs when it had rule number 65500? (It might be the last rule, but still, it has a "deny" command. Shouldn't it do the job?)
> > 
> > Thank you.
> 
> I'm not sure, but you're using two different rules:
> 
> deny ip from table(10) to any
> 
> vs.
> 
> add deny all from table\(10\) to any
> 
> For sure, the first form is broken because you have to escape the parentheses.

True.

> Also, your first rule only blocks IP traffic, not ICMP like ping (I think, not sure).

"ip" or "all" matches both IPv4 and IPv6, regardless of the protocols 
higher up. Thus, these two rules are equivalent:

deny all from table\(10\) to any
deny ip  from table\(10\) to any

Escaping the parentheses is still required.

> Any ipfw experts care to weigh in on this?

ipfw(8) sure is handy.

-- 
Trond.
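As an added example (not code from either poster), here is an rc.firewall-style sh fragment that puts the pieces of this thread together: it loads a blocklist into table 10, installs the table deny at a low rule number so it is evaluated before any catch-all allow, quotes table(10) so sh does not choke on the parentheses, and includes a check that reads an "ipfw list" dump and flags a deny rule that sits below an allow-everything rule. The blocklist path, the table number 10, the rule numbers 350/360/1000/65000 and the FWCMD default are assumptions for the illustration; set FWCMD=echo to dry-run it without touching the firewall.

```shell
#!/bin/sh
# Example ipfw blocklist loader (added illustration, not from the thread).
# Assumed: FWCMD defaults to "ipfw -q", blocklist lives in /etc/ipfw.blocklist
# (one IPv4/IPv6 address or CIDR per line, '#' comments), table 10 is free.
: "${FWCMD:=ipfw -q}"
BLOCKLIST="${BLOCKLIST:-/etc/ipfw.blocklist}"

# (Re)populate table 10 from a file: create if missing, flush, then add each entry.
load_blocklist() {
    ${FWCMD} table 10 create type addr 2>/dev/null || true
    ${FWCMD} table 10 flush
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' |
    while read -r addr _; do
        ${FWCMD} table 10 add "$addr"
    done
}

# ipfw walks rules in ascending number order and stops at the first match,
# so the table deny must carry a lower number than any allow/check-state rule.
# 'table(10)' is quoted: unquoted parentheses are a syntax error in sh.
install_rules() {
    ${FWCMD} add 00350 deny ip from 'table(10)' to any   # "ip" == "all": v4+v6, every protocol
    ${FWCMD} add 00360 deny ip from any to 'table(10)'   # no outbound traffic to blocked hosts
    ${FWCMD} add 01000 check-state
    ${FWCMD} add 65000 allow ip from any to any          # assumed permissive tail rule
}

# Read an "ipfw list" or "ipfw -a list" dump on stdin; exit 1 if a catch-all
# allow is numbered below the table(10) deny (the situation in the thread).
check_order() {
    awk '
        /deny ip from table\(10\)/ && deny == ""   { deny = $1 }
        /allow ip from any to any/ && allow == ""  { allow = $1 }
        END {
            if (deny == "") { print "no table(10) deny rule found"; exit 1 }
            if (allow != "" && allow + 0 < deny + 0) {
                print "rule " allow " allows everything before deny rule " deny; exit 1
            }
            print "ok: deny rule " deny " is evaluated before any catch-all allow"
        }'
}

# Only act when explicitly asked, so the file can also be sourced for its functions:
#   FWCMD=echo sh blocklist.sh apply      # dry run, prints the ipfw commands
#   sh blocklist.sh apply                 # as root on the firewall
#   ipfw list | sh blocklist.sh check
case "${1:-}" in
    apply) load_blocklist "$BLOCKLIST"; install_rules ;;
    check) check_order ;;
esac
```

Running `ipfw -a list | sh blocklist.sh check` after loading the ruleset is the quickest way to confirm the deny is actually reachable; the counters in the same listing (the two zeros in the original 65500 rule) are the other tell-tale that a rule is never being hit.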

