Date: Tue, 18 Sep 2001 21:42:07 -0400 From: "Christian S ." <cschreiber@netrail.net> To: klein brock <getzz1@yahoo.com> Cc: Matthew Emmerton <matt@gsicomp.on.ca>, questions@FreeBSD.ORG Subject: Re: FIREWALL REALLY NEED HELP Message-ID: <20010918214207.T88158@netrail.net> In-Reply-To: <20010919011000.72930.qmail@web20110.mail.yahoo.com>; from getzz1@yahoo.com on Tue, Sep 18, 2001 at 06:10:00PM -0700 References: <00eb01c140a6$65e3c7e0$1200a8c0@gsicomp.on.ca> <20010919011000.72930.qmail@web20110.mail.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Try this instead: ipfw add deny ip from 209.12.0.0/16 to any via any. Beware, however.. you are setting yourself up to blackhole a BUNCH of traffic. Make *sure* that you are blocking all bad traffic. I can't imagine that an entire /16 has managed to peeve you off.. perhaps you should talk to the administrator of those IP's, rather than just trash all of them. Christian On Tue, Sep 18, 2001 at 06:10:00PM -0700, klein brock babbled: > Delivered-To: cschreiber@netrail.net > Date: Tue, 18 Sep 2001 18:10:00 -0700 (PDT) > From: klein brock <getzz1@yahoo.com> > Subject: Re: FIREWALL REALLY NEED HELP > To: Matthew Emmerton <matt@gsicomp.on.ca>, > "Christian S ." <cschreiber@netrail.net> > Cc: questions@FreeBSD.ORG > In-Reply-To: <00eb01c140a6$65e3c7e0$1200a8c0@gsicomp.on.ca> > > oh ic... thanks for the help. i have a last question. > > also.. i'm trying to block ip '209.12.*.*' > > ipfw add deny all from 209.12.0.0/24 to any via any > > but it doesn't block any ip from 209.12.* > > can anybody help me ? > > Thanks alot for helping me. > > --- Matthew Emmerton <matt@gsicomp.on.ca> wrote: > > > > all = ip. > > > > From ipfw(8): > > > > proto An IP protocol specified by number or > > name (for a complete list > > see /etc/protocols). The ip or all > > keywords mean any protocol > > will match. > > -- > > Matt Emmerton > > > > ----- Original Message ----- > > From: "klein brock" <getzz1@yahoo.com> > > To: "Christian S ." <cschreiber@netrail.net> > > Cc: <questions@FreeBSD.ORG> > > Sent: Tuesday, September 18, 2001 8:57 PM > > Subject: Re: FIREWALL REALLY NEED HELP > > > > > > > # ipfw add deny all from 209.1.4.0/24 to any via > > any > > > 51900 deny ip from 209.1.4.0/24 to any via any > > > > > > why it comes out: > > > > > > 51900 deny ip from 209.1.4.0/24 to any via any > > > > > > instead of: > > > > > > 51900 deny all from 209.1.4.0/24 to any via any > > > > > > ? > > > > > > Thank you > > > > > > --- "Christian S ." <cschreiber@netrail.net> > > wrote: > > > > try: > > > > > > > > ipfw add deny all from 209.1.4.0/24 to any via > > any. > > > > > > > > This should take care of most of your woes.. > > > > > > > > Chrsitain > > > > > > > > On Tue, Sep 18, 2001 at 05:13:02PM -0700, klein > > > > brock babbled: > > > > > Delivered-To: cschreiber@netrail.net > > > > > Delivered-To: freebsd-questions@freebsd.org > > > > > Date: Tue, 18 Sep 2001 17:13:02 -0700 (PDT) > > > > > From: klein brock <getzz1@yahoo.com> > > > > > Subject: FIREWALL REALLY NEED HELP > > > > > To: questions@freebsd.org > > > > > List-ID: <freebsd-questions.FreeBSD.ORG> > > > > > List-Archive: <http://docs.freebsd.org/mail/>; > > (Web > > > > Archive) > > > > > List-Help: > > > > <mailto:majordomo@FreeBSD.ORG?subject=help> > > (List > > > > Instructions) > > > > > List-Subscribe: > > > > > > > > > > <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions> > > > > > List-Unsubscribe: > > > > > > > > > > <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions> > > > > > X-Loop: FreeBSD.ORG > > > > > Precedence: bulk > > > > > > > > > > Hi, > > > > > > > > > > someone abuse my server... and i want to block > > ip > > > > > '209.1.4.*' > > > > > > > > > > ipfw add 00001 add deny ip from 209.1.4.0/24 > > to > > > > any > > > > > > > > > > it doesn't block that ip ... any suggestion > > what > > > > > should i do ? > > > > > > > > > > Thank you in advance > > > > > > > > > > > > __________________________________________________ > > > > > Terrorist Attacks on U.S. - How can you help? > > > > > Donate cash, emergency relief information > > > > > > > > > > > > > > > http://dailynews.yahoo.com/fc/US/Emergency_Information/ > > > > > > > > > > To Unsubscribe: send mail to > > majordomo@FreeBSD.org > > > > > with "unsubscribe freebsd-questions" in the > > body > > > > of the message > > > > ---end quoted text--- > > > > > > > > -- > > > > Christian Schreiber, Netrail Network Security > > > > Engineer > > > > -- > > > > "They that can give up essential liberty to > > obtain a > > > > little temporary > > > > safety deserve neither liberty nor safety." > > > > -- Benjamin Franklin, 1759 > > > > > > > > > > > > > __________________________________________________ > > > Terrorist Attacks on U.S. - How can you help? > > > Donate cash, emergency relief information > > > > > > http://dailynews.yahoo.com/fc/US/Emergency_Information/ > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > > with "unsubscribe freebsd-questions" in the body > > of the message > > > > > > > > __________________________________________________ > Terrorist Attacks on U.S. - How can you help? > Donate cash, emergency relief information > http://dailynews.yahoo.com/fc/US/Emergency_Information/ ---end quoted text--- -- Christian Schreiber, Netrail Network Security Engineer -- "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin, 1759 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010918214207.T88158>