Date: Tue, 10 Nov 1998 13:22:58 +1100 (EST)
From: Tony Alexander Frank <s9507886@cse.rmit.edu.au>
To: willow@tds.edu (Willow)
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: hosts.{deny|allow}
Message-ID: <199811100222.NAA25520@dropbear.cse.rmit.EDU.AU>
In-Reply-To: <Pine.BSF.4.05.9811061318250.18373-100000@zeus.tds.edu> from "Willow" at Nov 6, 98 01:23:34 pm

Hey Willow,

> I'm trying to block access to our freebsd (2.2.7) boxes from several
> domains and not having any luck. I have read the man pages on
> hosts_options and hosts_access and tried to follow along without success.
>
> I would prefer to block based on IP (I have 10 class C's or so that need
> to be blocked) if possible.

I think you'd be best suited by using some deny rules in ipfw or a similar
firewall (whatever you're running with presently).

E.g., if you've added ipfirewall to your kernel config, you can then edit
one of the prebuilt firewall configs found in /etc/rc.firewall and simply
add an extra deny rule or ten.

Suppose you want to block any & all TCP/IP access from the 'bad' network
of 192.168.1.0; then you can add a line like the following to your
rc.firewall:

    $fwcmd add deny log all from 192.168.1.0/16 to any

There are several prebuilt samples in /etc/rc.firewall...

Remember that if you use this, to also update /etc/rc.conf with the
appropriate firewall options.

--
| Tony Frank                            | Mobile: +61-412-481-029         |
| 4th Year Computer Systems Engineering | Fax: +61-3-9720-4672            |
| RMIT, Melbourne, Victoria, Australia  | Email: s9507886@cse.rmit.edu.au |
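
Added example, not part of the original message: a small sh helper that turns a list of networks into ipfw deny rules of the form shown above, and refuses entries that are malformed or whose address has host bits set for the given mask length (such as 192.168.1.0/16). The function names and the sample list are constructed for illustration; fwcmd is assumed to hold the ipfw command as in the stock /etc/rc.firewall.

```sh
#!/bin/sh
# Added example (not from the original message). Assumption: fwcmd holds the
# ipfw command, as in the stock /etc/rc.firewall.
fwcmd="${fwcmd:-/sbin/ipfw}"

# ip_to_int A.B.C.D: print the address as a 32-bit integer; fail if malformed.
ip_to_int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros (octal)
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_net NET/LEN: print NET/LEN if valid. Return 1 on bad syntax, 2 when
# host bits are set for that mask length.
check_net() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ""|*[!0-9]*|0*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    n=$(ip_to_int "$addr") || return 1
    mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
    [ $(( $n & $mask )) -eq "$n" ] || return 2
    echo "$addr/$len"
}

# deny_rules: read one network per line on stdin; print an ipfw deny rule for
# each valid entry and a comment for each rejected one.
deny_rules() {
    while read -r net; do
        case "$net" in ""|"#"*) continue ;; esac
        if ok=$(check_net "$net"); then
            echo "$fwcmd add deny log all from $ok to any"
        else
            case $? in 2) why="host bits set for this mask" ;; *) why="bad syntax" ;; esac
            echo "# SKIPPED $net: $why"
        fi
    done
}

# Constructed sample list: documentation ranges plus two entries that fail.
sample_nets() {
    printf '%s\n' 192.0.2.0/24 198.51.100.0/24 192.168.1.0/16 203.0.113.300/24
}
```

Running `sample_nets | deny_rules` prints the rules for review; the output can be pasted into rc.firewall once the skipped entries are corrected.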