From: fbsdmail@dnswatch.com
To: freebsd-ipfw@freebsd.org
Date: Sun, 18 Jan 2009 00:38:41 -0800 (PST)
Subject: possible to block one address on all ports?

Greetings,

I have what I hope is a simple question that I /hope/ has a simple option. Here's my scenario: my current filtering is done on an application/service level. While I'm anxious to migrate this to IPFW, I don't yet have the time available that will be required. But I have a situation that requires the need to drop any and all requests from one single IP address.

So I thought I might seize this situation as an opportunity to "get my feet wet" with IPFW. So here's my question: is it possible for me to use IPFW without altering any traffic - that is, nothing changes on incoming/outgoing EXCEPT where this /evil/ IP is concerned? Or, can I start IPFW, and use it to ONLY drop all requests from this /evil/ IP no matter which ports that IP makes a request on? I can? Can/would anyone be willing to tell me how?

Apologies in advance, I realize this is pretty "ground level stuff". But I feel if I could get a good start, getting up to speed from there will be a greatly shortened learning curve.

Thank you for all your time and consideration.

--Chris