Date: Tue, 24 Aug 2004 11:17:39 -0500 From: Chris <racerx@makeworld.com> To: FreeBSD - ipfw <freebsd-ipfw@freebsd.org> Subject: Denying multiple IP's Message-ID: <412B6A23.1000708@makeworld.com>
next in thread | raw e-mail | index | archive | help
I'm working with a friend of mine w/ipfw. Below are IP's that are trying
to hack in via ssh. I suggested to use something in the form of:
# Allow in SFTP, SSH, and SCP from public Internet
${fwcmd} add 090 pass log tcp from xxx.xxx.xxx.xxx/29 to ${ip} 22 setup
limit src-addr 4
But he mentions that he needs access to his box from potential client
sites where the IP is unknown.
There has to be a better way to block the below - suggestions?
#
# IPs that seem to want to get in REALLY bad... deny all tcp/udp from IPs.
#
${fwcmd} add 300 deny tcp from 24.79.68.179 to any
${fwcmd} add 301 deny udp from 24.79.68.179 to any
${fwcmd} add 302 deny tcp from 64.246.20.123 to any
${fwcmd} add 303 deny udp from 64.246.20.123 to any
${fwcmd} add 304 deny tcp from 81.223.99.90 to any
${fwcmd} add 305 deny udp from 81.223.99.90 to any
${fwcmd} add 306 deny tcp from 140.112.124.123 to any
${fwcmd} add 307 deny udp from 140.112.124.123 to any
${fwcmd} add 308 deny tcp from 193.145.87.3 to any
${fwcmd} add 309 deny udp from 193.145.87.3 to any
${fwcmd} add 310 deny tcp from 203.186.157.37 to any
${fwcmd} add 311 deny udp from 203.186.157.37 to any
${fwcmd} add 312 deny tcp from 210.204.129.11 to any
${fwcmd} add 313 deny udp from 210.204.129.11 to any
${fwcmd} add 314 deny tcp from 211.60.219.250 to any
${fwcmd} add 315 deny udp from 211.60.219.250 to any
${fwcmd} add 316 deny tcp from 211.252.9.126 to any
${fwcmd} add 317 deny udp from 211.252.9.126 to any
${fwcmd} add 318 deny tcp from 218.21.129.105 to any
${fwcmd} add 319 deny udp from 218.21.129.105 to any
${fwcmd} add 320 deny tcp from 218.49.183.17 to any
${fwcmd} add 321 deny udp from 218.49.183.17 to any
${fwcmd} add 322 deny tcp from 218.102.19.78 to any
${fwcmd} add 323 deny udp from 218.102.19.78 to any
${fwcmd} add 324 deny tcp from 218.237.66.152 to any
${fwcmd} add 325 deny udp from 218.237.66.152 to any
${fwcmd} add 326 deny tcp from 221.3.131.80 to any
${fwcmd} add 327 deny udp from 221.3.131.80 to any
# Everything else is denied by default
--
Best regards,
Chris
The one time in the day that you lean back and relax
is the one time the boss walks through the office.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?412B6A23.1000708>