From owner-freebsd-questions@FreeBSD.ORG Mon Oct 11 10:16:08 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 547DE16A4CE for ; Mon, 11 Oct 2004 10:16:08 +0000 (GMT) Received: from bsdhacker.org (server.bsdhacker.org [166.102.211.13]) by mx1.FreeBSD.org (Postfix) with ESMTP id 479AB43D48 for ; Mon, 11 Oct 2004 10:16:07 +0000 (GMT) (envelope-from uidzero@one-arm.com) Received: from localhost (localhost [127.0.0.1]) by bsdhacker.org (Postfix) with ESMTP id B84823E2; Mon, 11 Oct 2004 05:15:51 -0500 (CDT) Received: from bsdhacker.org ([127.0.0.1]) by localhost (server.bsdhacker.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 55449-08; Mon, 11 Oct 2004 05:15:44 -0500 (CDT) Received: from [192.168.1.2] (bsd.bsdhacker.org [192.168.1.2]) by bsdhacker.org (Postfix) with ESMTP id 722A020A; Mon, 11 Oct 2004 05:15:44 -0500 (CDT) Message-ID: <416A5CF6.20508@one-arm.com> Date: Mon, 11 Oct 2004 05:14:14 -0500 From: uidzero User-Agent: Mozilla Thunderbird 0.7.3 (X11/20040928) X-Accept-Language: en-us, en MIME-Version: 1.0 To: pelle@spd.nu References: In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: by amavisd-new at bsdhacker.org cc: freebsd-questions@freebsd.org Subject: Re: Adding network & IP to hosts.deny X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 11 Oct 2004 10:16:08 -0000 Pelle Andersson wrote: >Hi! > >I have a lot of login attempts from various networks and IP addresses >on my FBSD 4.10 server. I have read the man pages for hosts.deny but >do not understand how to add networks and IP addresses to it. > >Let's say I want to block the network address 192.168.100.0 and/or >the IP address 192.168.135.77. > >What I understand is when using hosts.deny, I stopping them totally >from using any networking services, right? > >Would it be better to let the built-in firewall (/etc/rc.firewall) >to stopping them? I have the firewall activated and have changed >the port for example SSH to a higher one. > >Could someone please provide me with some examples on either using >hosts.deny or the default firewall? > >A big thanks in advance, >Best Regards Pelle > >_______________________________________________ >freebsd-questions@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-questions >To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > > I use "/etc/rc.ipfw"... ${fwcmd} add 300 deny IP from 24.19.0.105 to any ${fwcmd} add 301 deny IP from 24.79.68.179 to any ${fwcmd} add 400 deny IP from 61.100.180.125 to any ${fwcmd} add 401 deny IP from 61.206.125.28 to any ${fwcmd} add 402 deny IP from 61.211.239.236 to any ${fwcmd} add 500 deny IP from 63.144.19.6 to any ${fwcmd} add 501 deny IP from 64.246.20.123 to any ${fwcmd} add 502 deny IP from 66.223.46.129 to any ${fwcmd} add 503 deny IP from 67.81.127.99 to any ${fwcmd} add 600 deny IP from 81.223.99.90 to any ${fwcmd} add 700 deny IP from 140.112.124.123 to any ${fwcmd} add 701 deny IP from 159.226.2.161 to any ${fwcmd} add 702 deny IP from 163.25.65.3 to any ${fwcmd} add 703 deny IP from 193.145.87.3 to any ${fwcmd} add 800 deny IP from 202.57.191.179 to any ${fwcmd} add 801 deny IP from 202.226.185.150 to any ${fwcmd} add 810 deny IP from 203.71.62.9 to any ${fwcmd} add 113 deny IP from 203.98.166.25 to any ${fwcmd} add 812 deny IP from 203.115.96.151 to any ${fwcmd} add 813 deny IP from 203.169.248.5 to any ${fwcmd} add 814 deny IP from 203.186.157.37 to any ${fwcmd} add 830 deny IP from 205.209.141.50 to any ${fwcmd} add 870 deny IP from 209.88.93.138 to any ${fwcmd} add 871 deny IP from 209.172.103.235 to any ${fwcmd} add 880 deny IP from 210.204.129.11 to any ${fwcmd} add 890 deny IP from 211.60.219.250 to any ${fwcmd} add 891 deny IP from 211.221.246.28 to any ${fwcmd} add 892 deny IP from 211.251.71.2 to any ${fwcmd} add 893 deny IP from 211.252.9.126 to any ${fwcmd} add 940 deny IP from 216.29.112.126 to any ${fwcmd} add 950 deny IP from 217.172.182.148 to any ${fwcmd} add 960 deny IP from 218.21.129.105 to any ${fwcmd} add 961 deny IP from 218.49.183.17 to any ${fwcmd} add 962 deny IP from 218.102.19.78 to any ${fwcmd} add 963 deny IP from 218.237.66.152 to any ${fwcmd} add 970 deny IP from 220.64.223.249 to any ${fwcmd} add 971 deny IP from 220.73.215.151 to any ${fwcmd} add 980 deny IP from 221.3.131.80 to any ${fwcmd} add 981 deny IP from 221.12.11.118 to any ${fwcmd} add 982 deny IP from 222.56.118.124 to any Is th list I have so far... I haven't added any (I'm sure I received more attempts) since Friday... above this part, I have the rest of my firewall script.. Hopethis helps, Michael -- Michael D. Whities uidzero@one-arm.com http://www.one-arm.com -- There are four colors of hats to watch for: Black, White, Grey, and Red. The meanings are: Cracker, Hacker, Guru, and Victim.