Date:      Mon, 17 Feb 2020 18:27:32 +0300
From:      Andreas X <hamdi20193d@gmail.com>
To:        Tim Daneliuk <tundra@tundraware.com>
Cc:        FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: Blacklist IP file for IPFW?
Message-ID:  <CAEW8WPuUS-7J5bbxTkzGtS8hyZ5nMAyv%2BaTDh4TS8HVwyizyqw@mail.gmail.com>
In-Reply-To: <9585fce4-b48d-a210-d62f-a2100c0cf929@tundraware.com>
References:  <CAEW8WPsMvq7bdAQ4cu=RYZQ=PfXMmbUUQ-yi_0qUAjt-nWTf=Q@mail.gmail.com> <9585fce4-b48d-a210-d62f-a2100c0cf929@tundraware.com>

Great answer! Thank you so much, Tim!

That's what I wanted to do.

Last question: Would /etc/rc.local be the best choice to run these (at
startup)? Or would you perhaps have another startup file as a suggestion?

Thank you once again,


Tim Daneliuk <tundra@tundraware.com> wrote on Mon, 17 Feb 2020 at 17:51:

> On 2/17/20 8:36 AM, Andreas X wrote:
> <SNIP>
>
> > The list dramatically grows each week. How may I create a text file so that
> > IPFW would fetch these IPs from there directly? What's the simplest way to
> > do this please?
>
>
> Looping through a file and running an ipfw command each time gets super slow as
> the list gets long.  ipfw tables are the better way to do this:
>
>   FWCMD="ipfw -q"   # Firewall command
>   OIF=em0           # NIC to outside world
>
>   # Address spaces we want blocked entirely are listed in this file
>   NAUGHTYFILE=/usr/local/etc/firewall/naughtyIPs
>
>   # Use ipfw tables for efficiency
>
>   ipfw table 10 flush
>   for addr in `cat ${NAUGHTYFILE}`
>   do
>     ${FWCMD} table 10 add ${addr}
>   done
>
>   ${FWCMD} add deny all from table\(10\) to any via ${OIF}
>
> The "naughty" file can have specific IPs or CIDR blocks in it, one
> per line:
>
>   95.87.0.0/18
>   95.87.192.0/18
>   96.246.220.34
>   96.30.64.0/18
>   98.143.148.107
>
>
>
>
> HTH,
>
> ----------------------------------------------------------------------------
> Tim Daneliuk     tundra@tundraware.com
> PGP Key:         http://www.tundraware.com/PGP/
>
>
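A blocklist that grows every week and is loaded at startup, as discussed in this thread, is worth validating before any line reaches ipfw: a stray `*`, a malformed address or a `0.0.0.0/0` entry would otherwise end up in the deny table. The following is an added example, not code from either poster; it assumes IPv4-only entries, `#` comments, and a hypothetical `MINPREFIX` guard, and it only prints the `table N add` arguments so it can be checked without touching the firewall.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: IPv4 only, '#' starts a
# comment, and MINPREFIX is a hypothetical guard against lockout-sized blocks.
MINPREFIX=8

# valid_entry ENTRY: succeed only for a dotted-quad address or CIDR block.
valid_entry() {
    case "$1" in
        */*) ip=${1%/*}; len=${1#*/} ;;
        *)   ip=$1; len=32 ;;
    esac
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac   # 1-2 digits only
    [ "$len" -ge "$MINPREFIX" ] && [ "$len" -le 32 ] || return 1
    # Address: digits and dots only, no empty octets
    case "$ip" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs   # split into octets
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# table_cmds TABLE: read a blocklist on stdin, print "table N add ADDR" for
# each unique valid entry; rejected lines go to stderr, never to the firewall.
table_cmds() {
    seen=" "
    while read -r line || [ -n "$line" ]; do
        entry=${line%%#*}                          # drop comment
        entry=${entry%"${entry##*[![:space:]]}"}   # drop trailing whitespace
        [ -n "$entry" ] || continue
        if ! valid_entry "$entry"; then
            printf 'skipped: %s\n' "$line" >&2
            continue
        fi
        case "$seen" in *" $entry "*) continue ;; esac   # duplicate
        seen="$seen$entry "
        printf 'table %s add %s\n' "$1" "$entry"
    done
    return 0
}

# Constructed sample: entries from the thread plus lines that must be rejected.
sample() {
    printf '%s\n' '95.87.0.0/18' '96.246.220.34   # single host' \
        '96.246.220.34' '0.0.0.0/0' '98.143.148.999' '*'
}

sample | table_cmds 10
# On the firewall host: table_cmds 10 < "$NAUGHTYFILE" | while read -r a; do ${FWCMD} $a; done
```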
