From: Nathan Vidican
To: Jorge Biquez
Cc: freebsd-questions@freebsd.org
Date: Thu, 3 Mar 2011 12:12:58 -0500
Subject: Re: Simplest way to deny access to a class C

Since you currently have NO firewall, then I would say the simplest method would be to turn one on, and create an open ruleset allowing all traffic, then add a filter rule to just block out what you do not want. However, having said this is the simplest way - it is not the best or even a really good way. Firewall should be inclusive; designed to only allow what you DO want and ignore/drop everything else.
Please see: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html for a good explanation and overview. Some firewalls can be used as modules with the generic kernel, some will require you to compile a custom kernel - again there are advantages/disadvantages to either approach. Personally I use IPFW for simple stuff, and PF when it gets more complex, but that's just me.

On Thu, Mar 3, 2011 at 11:59 AM, Jorge Biquez wrote:
> Hello all.
>
> I am sorry in advance if this question sounds too stupid.
>
> I have a small server for personal use of webpages running:
>
> 7.3-PRERELEASE FreeBSD 7.3-PRERELEASE #0
>
> It is working fine, no problem, very stable.
>
> I just need to block some IP class C addresses that are always trying to
> "discover" directories or applications under the web server. They do not do
> and can not do anything since this server has nothing installed but I am
> tired of seeing in the logs all the intents they do every 2-3 seconds.
>
> I have not installed any kind of firewall yet.
> What do you think is the best way to accomplish this task? If possible the
> easiest one. I do not want to do anything else but just block IPs, at this
> moment at least.
>
> Thanks in advance.
>
> Jorge Biquez

--
Nathan Vidican
nathan@vidican.com
(519) 962-9987 (Canada)
(313) 586-1982 (USA)
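
The two approaches described in the reply above, written out for IPFW as an added example that is not part of the original message: an open ruleset with deny rules for the unwanted /24 networks, next to the inclusive design that only admits wanted traffic. The rule numbers, the SSH port (22) and the function names are assumptions; the script only prints the ipfw commands so they can be reviewed before loading.

```shell
#!/bin/sh
# Added example, not from the thread: prints ipfw commands for review.
# Networks passed as arguments are /24 ("class C" sized) blocks to deny.
# Rule numbers and the SSH port (22) are assumptions.

is_slash24() {                       # accept only a.b.c.0/24
    case "$1" in *[!0-9./]*) return 1 ;; */24) ;; *) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- ${1%/24}; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    [ "$4" -eq 0 ]
}

deny_rules() {                       # one numbered deny rule per valid network
    n=1000
    for net in "$@"; do
        if is_slash24 "$net"; then
            echo "ipfw -q add $n deny ip from $net to any in"
            n=$((n + 10))
        else
            echo "skipping invalid network: $net" >&2
        fi
    done
}

# Variant A: the "simplest" approach, an open ruleset plus block rules.
open_with_blocklist() {
    echo "ipfw -q -f flush"
    echo "ipfw -q add 100 allow ip from any to any via lo0"
    deny_rules "$@"
    echo "ipfw -q add 65000 allow ip from any to any"
}

# Variant B: the inclusive approach, allow only wanted traffic, drop the rest.
inclusive_web_only() {
    echo "ipfw -q -f flush"
    echo "ipfw -q add 100 allow ip from any to any via lo0"
    deny_rules "$@"
    echo "ipfw -q add 2000 check-state"
    echo "ipfw -q add 2010 allow tcp from any to me 80 in setup keep-state"
    echo "ipfw -q add 2020 allow tcp from any to me 22 in setup keep-state"
    echo "ipfw -q add 2030 allow ip from me to any out keep-state"
    echo "ipfw -q add 65000 deny ip from any to any"
}

if [ "$#" -gt 0 ]; then inclusive_web_only "$@"; fi
```

After reviewing the output, save it to a file named by firewall_script in /etc/rc.conf together with firewall_enable="YES". Unless the kernel was built with IPFIREWALL_DEFAULT_TO_ACCEPT, ipfw's built-in last rule is deny, so load the ruleset from the console rather than over the network.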