Date:      Mon, 17 Sep 2007 19:54:20 +0300
From:      Goltsios Theodore <tgol@kinetix.gr>
To:        Agus <agus.262@gmail.com>, freebsd-questions@freebsd.org
Subject:   Re: How to add rule with pfctl...
Message-ID:  <46EEB13C.4020509@kinetix.gr>
In-Reply-To: <fda61bb50709170945u3a1fba81t8fa8244dbcfc5baf@mail.gmail.com>
References:  <fda61bb50709151418r61b0e0b4rd889b517b954fae9@mail.gmail.com>	<200709152336.27214.fbsd.questions@rachie.is-a-geek.net> <fda61bb50709170945u3a1fba81t8fa8244dbcfc5baf@mail.gmail.com>


Well I think that you mean to add this:

ext_if="rl0" # Or whatever your interface is; ifconfig helps to find out
block drop in quick on $ext_if inet proto tcp from 192.168.0.1 to $ext_if port ssh

or even:
ext_if="rl0"
external_addr="192.168.1.11"
block drop in quick on $ext_if inet proto tcp from 192.168.0.1 to $external_addr port ssh

Think of macros as variables. As long as you don't define them, they 
don't exist (are empty).


Agus wrote:
> 2007/9/15, Mel <fbsd.questions@rachie.is-a-geek.net>:
>> On Saturday 15 September 2007 23:18:17 Agus wrote:
>>> I am trying to figure out how to add a firewall rule with pfctl...
>>> This is what I'm trying to do...
>>>
>>> I've got SEC that matches a certain pattern and takes the IP from that and
>>> want to trigger a firewall rule to block that IP....
>>> Then after a couple of hours SEC will trigger the command to un-block the
>>> IP...
>>> So what I need is the command to block an IP address from the command line,
>>> not touching any pf.conf....
>>>
>> If you don't need to add a rule but an IP, then tables are your friend.
>> Example for /etc/pf.conf:
>> # Placeholder for spammers table, non-routable network IP.
>> table <spammers> persist { 192.168.111.111 }
>> # Block this traffic
>> block return-rst in log on $ext_if proto tcp from <spammers> port smtp
>>
>> Then on the command line:
>> /sbin/pfctl -t spammers -Tadd ip.from.new.spammer
>> And to delete:
>> /sbin/pfctl -t spammers -Tdel ip.from.old.spammer
>>
>> --
>> Mel
>> _______________________________________________
>> freebsd-questions@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>>
>
>
> Hi,
> I put this in /etc/pf.conf:
> external_addr="192.168.1.11" which is the address of the only interface.
> This machine isn't a router.
>
> block drop in quick on $ext_if inet proto tcp from 192.168.0.1 to $external_addr port ssh
>
> but when I try to connect from 192.168.0.1 I connect with no problems... this
> rule is to block access..
> What am I doing wrong? It is my first time with pf...
>
> Thanks...
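The thread gives the two pieces a practitioner needs (a persist table that a rule references, and pfctl -t ... -T add / -T delete from the command line) but not the glue that a log watcher such as SEC would actually call. The script below is an added example written for this archive page; it is not code posted by Agus, Mel or Theodore. The table name <blocked>, the interface rl0, running as root, and the PFCTL override used for dry runs are all choices made here, not taken from the thread. It validates the address before it reaches pfctl (the IP comes out of a matched log line, so it is untrusted input), kills the states an address already holds after adding it (a new block entry does not tear down an established connection, because pf matches existing state before it evaluates rules), and parses the pf.conf fragment with pfctl -nf so that a syntax error, or a macro used before it is defined, is reported before anything is loaded.

```shell
#!/bin/sh
# pfblock.sh: added example for this thread, not code posted by anyone in it.
# Wraps the pfctl table operations so a log watcher such as SEC can run
#   pfblock.sh block ADDR      (on a match)
#   pfblock.sh unblock ADDR    (a couple of hours later)
# Assumptions made here, not in the thread: the table is <blocked>, the
# interface is rl0, the script runs as root, and PFCTL can be overridden
# (PFCTL=echo) to print the pfctl command lines instead of running them.

PFCTL="${PFCTL:-/sbin/pfctl}"
TABLE="${TABLE:-blocked}"
EXT_IF="${EXT_IF:-rl0}"

# The /etc/pf.conf fragment this script expects. The macro is defined before
# the rule that uses it, and the table is "persist" so it stays loaded while
# empty. The rule names the destination explicitly ("to $ext_if port ssh");
# a bare "port ssh" after "from <blocked>" would match the source port.
pf_conf() {
    cat <<EOF
ext_if="$EXT_IF"
table <$TABLE> persist
block drop in quick on \$ext_if inet proto tcp from <$TABLE> to \$ext_if port ssh
EOF
}

# Parse the fragment without loading it: pfctl -n reports syntax errors and
# macros that are used before they are defined.
check_conf() {
    pf_conf | "$PFCTL" -nf -
}

# Accept only a dotted-quad IPv4 address (four decimal octets 0-255, no
# leading zeros). The address comes from a log line matched by SEC, so it is
# untrusted: anything else is refused before it is handed to pfctl.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _rest=$1 _n=0
    while [ -n "$_rest" ]; do
        _oct=${_rest%%.*}
        _n=$((_n + 1))
        case "$_oct" in 0?*|????*) return 1 ;; esac   # "01", "0010", "1234"
        [ "$_oct" -le 255 ] || return 1
        case "$_rest" in *.*) _rest=${_rest#*.} ;; *) _rest= ;; esac
    done
    [ "$_n" -eq 4 ]
}

# Add ADDR to the table, then kill the states it already holds: pf matches
# existing state before evaluating rules, so without -k an ssh session that
# ADDR already has open would keep working after the block.
block_ip() {
    valid_ipv4 "$1" || { echo "refusing to block invalid address: $1" >&2; return 2; }
    "$PFCTL" -t "$TABLE" -T add "$1" && "$PFCTL" -k "$1"
}

unblock_ip() {
    valid_ipv4 "$1" || { echo "refusing to unblock invalid address: $1" >&2; return 2; }
    "$PFCTL" -t "$TABLE" -T delete "$1"
}

# What is in the table right now.
list_blocked() {
    "$PFCTL" -t "$TABLE" -T show
}

case "${1:-}" in
    block)   block_ip "$2" ;;
    unblock) unblock_ip "$2" ;;
    list)    list_blocked ;;
    check)   check_conf ;;
    "")      ;;   # no arguments: only define the functions (e.g. when sourced)
    *)       echo "usage: $0 block ADDR | unblock ADDR | list | check" >&2; exit 64 ;;
esac
```

Run "pfblock.sh check" once after editing /etc/pf.conf and "pfctl -sr" after loading it to confirm the block rule is actually present; SEC then calls "pfblock.sh block ADDR" from its action and "pfblock.sh unblock ADDR" from the timed follow-up, and "pfblock.sh list" shows what is currently blocked.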



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46EEB13C.4020509>