Date: Wed, 27 Mar 2002 00:16:12 -0800
From: "Crist J. Clark" <cjc@FreeBSD.ORG>
To: Tony Saign <tony@saign.com>
Cc: freebsd-ipfw@FreeBSD.ORG
Subject: Re: Rule to ignore/drop traffic from entire subnet??
Message-ID: <20020327001612.N89885@blossom.cjclark.org>
In-Reply-To: <000401c1d540$3adf71f0$1401a8c0@frankenmobl>; from tony@saign.com on Tue, Mar 26, 2002 at 07:33:58PM -0800
References: <000401c1d540$3adf71f0$1401a8c0@frankenmobl>

On Tue, Mar 26, 2002 at 07:33:58PM -0800, Tony Saign wrote:
> I have noticed certain IP address blocks (mostly from overseas),
> generating large logs on my router system.
>
> Is it possible to just drop/ignore and log all traffic originating from
> these
> subnets without affecting system performance with a rule or rules?

Sure, but...

> Mar 24 00:19:55 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.72 <snip> in
> via fxp0
> Mar 24 00:19:58 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.72 <snip> in
> via fxp0
> Mar 24 00:21:18 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.70 <snip> in
> via fxp0
> Mar 24 00:21:21 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.70 <snip> in
> via fxp0
> Mar 24 00:22:58 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.65 <snip> in
> via fxp0
> Mar 24 00:23:01 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.65 <snip> in
> via fxp0

The problem is deciding which networks to block. This particular
address is not "overseas" which your first sentence would imply. It is
very difficult, and often not possible, to determine where large
blocks of address space reside in the physical world.

--
Crist J. Clark | cjclark@alum.mit.edu | cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
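
An added example, not part of the original message: one way to see which source networks are actually filling the log before choosing what to block is to tally the ipfw deny entries by source and by enclosing prefix. The sample log is constructed (192.0.2.1 stands in for the snipped destination, and the 198.51.100.7 and link-state lines are invented); the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# ipfw log line as quoted in the message: rule number, action, protocol,
# then the source address (TCP/UDP entries append ":port" to it).
LINE_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) \S+ "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)? ")

# Constructed sample input. 192.0.2.1 stands in for the snipped destination;
# the 198.51.100.7 and link-state lines are invented to exercise the parser.
SAMPLE_LOG = """\
Mar 24 00:19:55 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.72 192.0.2.1 in via fxp0
Mar 24 00:19:58 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.72 192.0.2.1 in via fxp0
Mar 24 00:21:18 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.70 192.0.2.1 in via fxp0
Mar 24 00:22:58 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.65 192.0.2.1 in via fxp0
Mar 24 00:24:30 /kernel: fxp0: link state changed
Mar 24 00:25:10 /kernel: ipfw: 3000 Deny TCP 198.51.100.7:4312 192.0.2.1:80 in via fxp0
"""

def denied_sources(log_text, rule=3000):
    """Count log entries per source address for one ipfw rule number."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m.group("rule")) != rule or m.group("action") != "Deny":
            continue
        try:
            counts[ipaddress.ip_address(m.group("src"))] += 1
        except ValueError:      # e.g. an octet above 255 in a mangled line
            continue
    return counts

def by_prefix(counts, prefixlen=24):
    """Sum per-address counts into enclosing networks of a fixed length."""
    nets = Counter()
    for addr, n in counts.items():
        nets[ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)] += n
    return nets

def tightest_cover(addrs):
    """Smallest single CIDR block that contains every address in addrs."""
    addrs = list(addrs)
    net = ipaddress.ip_network(f"{min(addrs)}/32")
    while max(addrs) not in net:
        net = net.supernet()
    return net
```

The tightest block is only a lower bound drawn from the addresses seen in the log; it says nothing about who holds the surrounding address space, which still has to be checked against registry data.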