Date: Wed, 26 Nov 2003 01:58:56 +0100 (CET) From: "Cordula's Web" <cpghost@cordula.ws> To: grant@thenetnow.com Cc: freebsd-questions@freebsd.org Subject: Re: Block IP Message-ID: <200311260058.hAQ0wu93048845@fw.farid-hajji.net> In-Reply-To: <00c001c3b3a9$9d7fa8e0$6401a8c0@grant> References: <00c001c3b3a9$9d7fa8e0$6401a8c0@grant>
next in thread | previous in thread | raw e-mail | index | archive | help
> Can I block a certain IP address at the machine or interface level using > freebsd? (No at the Apache or Sendmail level). Quick and dirty fix: # route add 1.2.3.4 127.0.0.1 All ACKs to 1.2.3.4 would not be able to reach their destination, and no TCP connections could be established this way. Moreoever, no UDP or ICMP packets would reach the blocked IP address. You can also block a whole subnet this way. The real solution is to enable a firewall at the interface level, or perhaps even add an ACL on your router (if you control your upstream router). -- Cordula's Web. http://www.cordula.ws/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200311260058.hAQ0wu93048845>