Date: Sun, 24 Apr 2005 16:08:05 +0200
From: Frank Staals <f.staals@zonnet.nl>
To: questions@freebsd.org
Subject: Blocking traffic with PF
Message-ID: <426BA845.3000309@zonnet.nl>
Hey everyone,

I would like to block all traffic from one host. The problem is the data isn't coming from that host anymore, it is redirected from my router. I am using PF as firewall; this is the ruleset I wanted to use for it:

block in from { example.host.com , example2.secondhost.com } to any

But when I enable tcpdump when starting the application which triggers the incoming data from the hosts I want to block, this is a piece of what it shows (with the -v option):

15:54:45.944499 IP Riza.FStaals.LAN.63681 > SpeedTouch.FStaals.Lan.domain: 57330+ AAAA? example.host.com. (35)
15:54:45.974083 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.63681: 57330 1/0/0 CNAME example2.secondhost.com. (54)
15:54:45.974301 IP Riza.FStaals.LAN.65038 > SpeedTouch.FStaals.Lan.domain: 57331+ A? example.host.com. (35)
15:54:45.986375 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.65038: 57331 2/0/0 CNAME example2.secondhost.com.[|domain]
15:54:45.986740 IP Riza.FStaals.LAN.63345 > SpeedTouch.FStaals.Lan.domain: 57332+ AAAA? example2.secondhost.com. (32)
15:54:45.999378 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.63345: 57332 0/0/0 (32)
15:54:45.999509 IP Riza.FStaals.LAN.58187 > SpeedTouch.FStaals.Lan.domain: 57333+ A? example2.secondhost.com. (32)
15:54:46.014454 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.58187: 57333 1/0/0 A 193.69.116.13 (48)
15:54:46.867432 IP Riza.FStaals.LAN.50980 > SpeedTouch.FStaals.Lan.domain: 36113+ PTR? 138.0.0.10.in-addr.arpa. (41)
15:54:46.868404 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.50980: 36113* 1/0/0 PTR[|domain]
15:54:46.869032 IP Riza.FStaals.LAN.54487 > SpeedTouch.FStaals.Lan.domain: 36114+ PTR? 13.116.69.193.in-addr.arpa. (44)
15:54:46.905268 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.54487: 36114 NXDomain* 0/0/0 (44)

So the problem is that the data is redirected at my router (SpeedTouch.FStaals.LAN) to my laptop (Riza.FStaals.LAN), but I can't block all the traffic from my router since all other data I do want to receive. My router doesn't have an option to block specified URLs, so I can't do it there either. Does anyone have an idea how I can block all the data from the 'bad hosts' (which I changed here to example.host.com and example2.secondhost.com)?

Thanks in advance,
Frank Staals
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?426BA845.3000309>
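An added example, not code from the original message, written for the situation Frank describes. Two points about the quoted ruleset matter here: pf resolves hostnames in pf.conf once, when the ruleset is loaded, through the system resolver, which follows the CNAME chain, so `block in from { example.host.com , example2.secondhost.com }` ends up blocking 193.69.116.13 as it resolved at load time but will not follow a later address change; and the capture above contains only the DNS exchange between Riza and SpeedTouch, so the router appears as the source of those packets while the application data itself still carries the resolved address as its source unless the router rewrites it. The script below keeps the addresses in a pf table that is refreshed from DNS instead of baked into the rules. The hostnames and the address come from the post; the table name `badhosts`, the `host(1)`/`pfctl(8)` invocations and the sample `host(1)` output are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the original post. Keeps a PF table of
# "bad host" addresses refreshed from DNS, so a name that is a CNAME (as
# example.host.com is in the capture) or that changes address is blocked
# by its current A/AAAA records rather than by a name resolved once when
# pf.conf was loaded. Assumes FreeBSD with pf, host(1) and pfctl(8); the
# hostnames and the 193.69.116.13 address are taken from the post, the
# table name and the sample resolver output are assumptions.

BAD_HOSTS="example.host.com example2.secondhost.com"

# pf.conf fragment this script relies on (shown here, not installed by it).
pf_ruleset() {
    cat <<'EOF'
table <badhosts> persist
block drop in quick from <badhosts> to any
block drop out quick from any to <badhosts>
EOF
}

# Pull the addresses out of host(1) output read on stdin. host(1) follows
# the CNAME chain itself and prints "<name> has address A.B.C.D" or
# "<name> has IPv6 address ..."; "is an alias for" lines carry no address
# and are skipped. Duplicates are collapsed.
addrs_from_host_output() {
    awk '/ has (IPv6 )?address / { print $NF }' | sort -u
}

# Resolve every name in $1 (space separated) to one unique address list.
resolve_bad_hosts() {
    for h in $1; do
        host "$h" 2>/dev/null
    done | addrs_from_host_output
}

# Atomically replace the table with the current addresses. "replace" also
# drops stale entries, so a host that moved to a new IP is blocked there
# and its old address is released. Refuses to empty the table on a DNS
# failure, which would otherwise silently unblock everything.
load_badhosts() {
    addrs="$(resolve_bad_hosts "$BAD_HOSTS")"
    if [ -z "$addrs" ]; then
        echo "load_badhosts: nothing resolved, table left unchanged" >&2
        return 1
    fi
    # Word splitting on $addrs is intended: one address per argument.
    pfctl -t badhosts -T replace $addrs
    pfctl -t badhosts -T show
}

# Constructed host(1) output mirroring the CNAME chain in the capture, so
# the parsing can be exercised without network access or pf.
SAMPLE_HOST_OUTPUT='example.host.com is an alias for example2.secondhost.com.
example2.secondhost.com has address 193.69.116.13
example2.secondhost.com has address 193.69.116.13'

demo() {
    echo "--- pf.conf fragment ---"
    pf_ruleset
    echo "--- addresses parsed from the constructed host(1) output ---"
    printf '%s\n' "$SAMPLE_HOST_OUTPUT" | addrs_from_host_output
}

# "sh badhosts.sh load" is what you would run from cron on the firewall;
# with no argument the script only shows the parsing on the sample.
case "${1:-demo}" in
    load) load_badhosts ;;
    *)    demo ;;
esac
```

Because the block rules reference the table rather than the names, `pfctl -f /etc/pf.conf` is not needed after each refresh; only the table contents change, and `pfctl -t badhosts -T show` confirms what is currently blocked.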