Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 11 Feb 2020 13:10:19 +0100
From:      Polytropon <freebsd@edvax.de>
To:        Andreas X <hamdi20193d@gmail.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Quickly ban an IP IPFW?
Message-ID:  <20200211131019.dbcd2d8c.freebsd@edvax.de>
In-Reply-To: <CAEW8WPtX=vO91RgqNqp6dVs5-P2_D-k9WBOzOSSKfYGGwKm+Gg@mail.gmail.com>
References:  <CAEW8WPtX=vO91RgqNqp6dVs5-P2_D-k9WBOzOSSKfYGGwKm+Gg@mail.gmail.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Mon, 10 Feb 2020 10:03:44 +0300, Andreas X wrote:
> I have IPFW enabled like follows:
> 
> firewall_enable="YES"
> firewall_quiet="YES"
> firewall_type="workstation"
> firewall_logdeny="NO"
> firewall_allowservices="any"
> firewall_myservices="53/tcp 53/udp 10025/tcp 10024/tcp 25/tcp 993/tcp
> 995/tcp 465/tcp 587/tcp 5665/tcp 80/tcp 443/tcp 2053/tcp 3306/tcp"
> 
> (No rules file, the ones above suits my needs perfectly)
> 
> How to quickly (and permanently) ban an IP using IPFW without having any
> log?
> 
> There's an IP address scanning almost all my services 24/7, would like to
> permanently ban.

You could probably do this with a manual entry in /etc/rc.local:

	#!/bin/sh
	/sbin/ipfw add deny tcp from <IP> to any in

If you do not add the "log" keyword, the denied (dropped) packets
will not be logged. If you see more than TCP packets, use "all"
instead of "tcp" in the rule.


-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20200211131019.dbcd2d8c.freebsd>