Date: Tue, 11 Feb 2020 13:10:19 +0100
From: Polytropon
To: Andreas X
Cc: freebsd-questions@freebsd.org
Subject: Re: Quickly ban an IP IPFW?
Message-Id: <20200211131019.dbcd2d8c.freebsd@edvax.de>

On Mon, 10 Feb 2020 10:03:44 +0300, Andreas X wrote:
> I have IPFW enabled like follows:
>
> firewall_enable="YES"
> firewall_quiet="YES"
> firewall_type="workstation"
> firewall_logdeny="NO"
> firewall_allowservices="any"
> firewall_myservices="53/tcp 53/udp 10025/tcp 10024/tcp 25/tcp 993/tcp
> 995/tcp 465/tcp 587/tcp 5665/tcp 80/tcp 443/tcp 2053/tcp 3306/tcp"
>
> (No rules file, the ones above suit my needs perfectly)
>
> How to quickly (and permanently) ban an IP using IPFW without having any
> log?
>
> There's an IP address scanning almost all my services 24/7, would like to
> permanently ban.

You could probably do this with a manual entry in /etc/rc.local:

	#!/bin/sh
	# Replace ADDRESS with the IP address to ban.
	/sbin/ipfw add deny tcp from ADDRESS to any in

If you do not add the "log" keyword, the denied (dropped) packets
will not be logged. If you see more than TCP packets, use "all"
instead of "tcp" in the rule.

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
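
Added example, not part of the original message: a ban-list variant of the rc.local approach above. ipfw stops at the first matching rule, and "ipfw add" without a number places the new rule last before the default rule, so this sketch gives the deny rule an explicit low number. The table number, the rule number 50 and the list format are assumptions; compare the rule number with the output of "ipfw list" before using it.

```shell
#!/bin/sh
# Added example: build the ipfw commands for a permanent ban list.
# BAN_TABLE, BAN_RULE and the list format are assumptions of this sketch.
BAN_TABLE=1     # ipfw lookup table that holds the banned addresses
BAN_RULE=50     # explicit rule number, meant to sort before any allow rule

# Succeed only for a dotted-quad IPv4 address, optionally with /0 to /32.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in
        */*) len=${1#*/}
             case $len in ''|*[!0-9]*) return 1 ;; esac
             [ ${#len} -le 2 ] && [ "$len" -le 32 ] || return 1 ;;
    esac
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr                 # split into octets; addr is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Read a ban list on stdin (one address or CIDR per line, '#' comments,
# anything after the first word ignored) and print the ipfw commands.
ban_commands() {
    while read -r entry rest; do
        case $entry in ''|'#'*) continue ;; esac
        if valid_ipv4 "$entry"; then
            printf '/sbin/ipfw -q table %s add %s\n' "$BAN_TABLE" "$entry"
        else
            echo "skipping invalid entry: $entry" >&2
        fi
    done
    # No "log" keyword, so dropped packets are not logged.
    printf "/sbin/ipfw -q add %s deny ip from 'table(%s)' to any in\n" \
        "$BAN_RULE" "$BAN_TABLE"
}

# Run once at boot, e.g. from /etc/rc.local, with the list file as argument.
if [ $# -ge 1 ] && [ -r "$1" ] && [ -x /sbin/ipfw ]; then
    ban_commands < "$1" | sh
fi
```

Entries are validated before they reach the generated command line, so a malformed line in the list is skipped instead of being passed to the shell.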