Date:      Mon, 17 Feb 2020 16:42:06 -0600
From:      Tim Daneliuk <tundra@tundraware.com>
To:        FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: Blacklist IP file for IPFW?
Message-ID:  <e3aa5e53-606b-7ad4-b529-5891cf509fbf@tundraware.com>
In-Reply-To: <CAEW8WPtqeFDahGMN8h4qijXe6oug7H6uEyG2hTuqs53G2K98eA@mail.gmail.com>
References:  <CAEW8WPsMvq7bdAQ4cu=RYZQ=PfXMmbUUQ-yi_0qUAjt-nWTf=Q@mail.gmail.com> <9585fce4-b48d-a210-d62f-a2100c0cf929@tundraware.com> <CAEW8WPunc9%2B-7qybkrnDep3R08ApgjBkA2n=fi%2ByU8psTJRkNg@mail.gmail.com> <CAEW8WPtqeFDahGMN8h4qijXe6oug7H6uEyG2hTuqs53G2K98eA@mail.gmail.com>

On 2/17/20 10:47 AM, Andreas X wrote:
> Hi again,
> 
> The rule:  "65500   0     0 deny ip from table(10) to any"  was almost the last rule and I suspected it, therefore I wanted to move the rule up, and changed the command:
> 
> ${FWCMD} 00350 add deny all from table\(10\) to any
> 
> (adding rule number 00350), now ipfw successfully blocks the IPs in the table. 
> My question is, why didn't it block the IPs when it had rule number 65500? (It might be the last rule, but still, it has the "deny" command... shouldn't it do the job?)
> 
> Thank you.

I'm not sure, but you're using two different rules:

deny ip from table(10) to any

vs.

add deny all from table\(10\) to any


For sure, the first form is broken because you have to escape the parenthesis.

Also, your 1st rule only blocks IP traffic, not ICMP like ping (I think, not sure).

Any ipfw experts care to weigh in on this?


-- 
----------------------------------------------------------------------------
Tim Daneliuk     tundra@tundraware.com
PGP Key:         http://www.tundraware.com/PGP/
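The ordering question in this thread comes down to how ipfw(8) walks its ruleset: rules are kept sorted by number and evaluated in ascending order, and the first allow or deny whose match clause fits the packet decides it, so a deny placed after a catch-all pass is never reached. The script below is an added example, not code from the thread or from FreeBSD; it models that first-match walk over two constructed rulesets and a constructed table 10 (TEST-NET addresses). It assumes a catch-all pass at rule 65000 sits ahead of the 65500 deny, as the `open` profile of rc.firewall installs; the thread itself does not show the rest of the poster's ruleset.

```shell
#!/bin/sh
# Added example (not from the thread): a minimal model of how ipfw(8)
# picks the rule that decides a packet. Rules are kept sorted by number
# and walked in ascending order; the first allow/deny whose source
# matches terminates the search. Addresses below are constructed.

# Constructed contents of table 10 (the blacklist).
TABLE10="203.0.113.7 203.0.113.8"

# Ruleset A (assumed): a catch-all pass at 65000, as rc.firewall's "open"
# profile installs, with the blacklist deny placed after it at 65500.
# 65535 is the kernel's built-in default rule (deny unless the kernel was
# built with IPFIREWALL_DEFAULT_TO_ACCEPT).
RULES_A='65000 allow any
65500 deny table10
65535 deny any'

# Ruleset B: same rules, with the blacklist deny moved ahead of the pass.
RULES_B='00350 deny table10
65000 allow any
65535 deny any'

# in_table10 ADDR -> returns 0 if ADDR is a member of the constructed table 10.
in_table10() {
    for member in $TABLE10; do
        [ "$member" = "$1" ] && return 0
    done
    return 1
}

# first_match SRC RULESET -> prints "NUMBER ACTION" of the deciding rule.
# "any" matches every source; "table10" matches members of table 10.
# (ipfw's "ip" and "all" protocol keywords both match every IP protocol,
# ICMP included, so the protocol plays no part in this model.)
first_match() {
    src="$1"
    printf '%s\n' "$2" | sort -n | while read -r num action match; do
        case "$match" in
            any)     printf '%s %s\n' "$num" "$action"; break ;;
            table10) if in_table10 "$src"; then
                         printf '%s %s\n' "$num" "$action"; break
                     fi ;;
        esac
    done
}

# Demonstration: the same blacklisted source under both rulesets.
echo "A (deny at 65500): $(first_match 203.0.113.7 "$RULES_A")"   # 65000 allow
echo "B (deny at 00350): $(first_match 203.0.113.7 "$RULES_B")"   # 00350 deny
echo "B, non-listed:     $(first_match 192.0.2.9   "$RULES_B")"   # 65000 allow
```

Under ruleset A the blacklisted source is decided by the pass at 65000 and the deny at 65500 is never consulted; under ruleset B the deny at 350 wins for listed sources while unlisted traffic still falls through to the pass. On a real host, `ipfw show` lists rules in the same ascending order the kernel uses, and the per-rule packet counters in that output show which rule is actually absorbing the traffic.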