From owner-freebsd-questions@freebsd.org Tue Feb 11 01:45:25 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 269E924A603 for ; Tue, 11 Feb 2020 01:45:25 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: from mail-io1-xd2a.google.com (mail-io1-xd2a.google.com [IPv6:2607:f8b0:4864:20::d2a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48Glw359kQz4KTv for ; Tue, 11 Feb 2020 01:45:23 +0000 (UTC) (envelope-from luzar722@gmail.com) Received: by mail-io1-xd2a.google.com with SMTP id n21so9907330ioo.10 for ; Mon, 10 Feb 2020 17:45:23 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-transfer-encoding; bh=yNoIRWA7BRpW7McxodE6ew1q24ZFXC5tPFD8L1dugyM=; b=XSdIQjRg8SEzW0kEq9/iRxlOZUfcZLkyC2TIiX/QJqSUqpFlGXUAgHMTgvM05CWz8g RavpNfseRnhHO7lcs1Trg2CZRyHHwe/Rw2+HNsUvYDZcFxxJT3m5T2o6u0yNPjnZ22ZG U3vq1Kp0S0OTqEhQxjDTu/ircdJuMzZ+BeFlZPUGUDlrFl1a8B7kusL16NZZTu0w8DJg 5Eo7N61U3rQQdRqfkbkWo1EOfAh7kzJMLUuvIl4sjucACsdOGZFHIOXOPx7uSNqsrwka cdA/7boaQh0xlQf1/K88h4OcEQsajEDJZf+UxvMj/p46t1AwY0xqrVXJ7N8rrbTc94pR 7f8A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-transfer-encoding; bh=yNoIRWA7BRpW7McxodE6ew1q24ZFXC5tPFD8L1dugyM=; b=S6lOTey00pdl9N7FUMF6h52fONWnv4A6kIeBD8RUazUKJVSofKPD2Im7996qDM9sXa 3bzBPiXSpgcxhQk+hwBNCea9p3dqRKWv13SnfIOoM9FzohF3DPs3ky2hMQ0o2ng/MRJO I5UNwGFfm+rJqj5ysh4kMOtJgRoX8y98XwNTlPSRTb0yGMKyNWosHjCYJt3122X3J9CP w2vHi+HXlmUqjOQNgEOyTO65GUUDsRzYsjHIx1KlxCFCacIgIOt0tFnvB7UJVco+wqlj H87O5xsq/PYY0SJEMHV/c+4Ba2+Z99Y+M/UupBNBanNx6U9KAS8oWsMSCbqYA6ppoVmb fmYA== X-Gm-Message-State: APjAAAWAJD21vbee3sNgVi6vTDtHTHBvH8vdbIPvrZJk1SUaLGG6tgHo awqLENVUXjDDcp2n7jRy9Vg= X-Google-Smtp-Source: APXvYqz30mjHoWLkrA/dSJsP6PM6mKhzkvi4AfPRNBTSE6lK9nJ8ZSqJe+eWkQ6gwYU+41YhzFE2Fw== X-Received: by 2002:a6b:c9c6:: with SMTP id z189mr11282488iof.285.1581385522524; Mon, 10 Feb 2020 17:45:22 -0800 (PST) Received: from [10.0.10.8] (cpe-65-25-53-210.neo.res.rr.com. [65.25.53.210]) by smtp.googlemail.com with ESMTPSA id v7sm571998iom.58.2020.02.10.17.45.21 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 10 Feb 2020 17:45:21 -0800 (PST) Message-ID: <5E420731.8040803@gmail.com> Date: Mon, 10 Feb 2020 20:45:21 -0500 From: Ernie Luzar User-Agent: Thunderbird 2.0.0.24 (Windows/20100228) MIME-Version: 1.0 To: Andreas X CC: freebsd-questions@freebsd.org Subject: Re: Quickly ban an IP IPFW? References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 48Glw359kQz4KTv X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=XSdIQjRg; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of luzar722@gmail.com designates 2607:f8b0:4864:20::d2a as permitted sender) smtp.mailfrom=luzar722@gmail.com X-Spamd-Result: default: False [-2.00 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; FREEMAIL_FROM(0.00)[gmail.com]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; FREEMAIL_TO(0.00)[gmail.com]; RECEIVED_SPAMHAUS_PBL(0.00)[210.53.25.65.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.10]; FROM_EQ_ENVFROM(0.00)[]; SUBJECT_ENDS_QUESTION(1.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; MID_RHS_MATCH_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com.dwl.dnswl.org : 127.0.5.0]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; IP_SCORE_FREEMAIL(0.00)[]; MIME_TRACE(0.00)[0:+]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[a.2.d.0.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.4.6.8.4.0.b.8.f.7.0.6.2.list.dnswl.org : 127.0.5.0]; IP_SCORE(0.00)[ip: (-6.62), ipnet: 2607:f8b0::/32(-1.95), asn: 15169(-1.72), country: US(-0.05)]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 11 Feb 2020 01:45:25 -0000 Andreas X wrote: > I have IPFW enabled like follows: > > firewall_enable="YES" > firewall_quiet="YES" > firewall_type="workstation" > firewall_logdeny="NO" > firewall_allowservices="any" > firewall_myservices="53/tcp 53/udp 10025/tcp 10024/tcp 25/tcp 993/tcp > 995/tcp 465/tcp 587/tcp 5665/tcp 80/tcp 443/tcp 2053/tcp 3306/tcp" > > (No rules file, the ones above suits my needs perfectly) > > How to quickly (and permanently) ban an IP using IPFW without having any > log? > > There's an IP address scanning almost all my services 24/7, would like to > permanently ban. > > Thanks. There are a few ports that do this for you. Check out the port system.