Date: Wed, 29 Sep 2010 14:51:24 +0200
From: Bas Smeelen <b.smeelen@ose.nl>
To: freebsd-questions@freebsd.org
Subject: Re: IPFW firewall and TCP ports
Message-ID: <4CA3364C.7000700@ose.nl>
In-Reply-To: <BLU0-SMTP201E6E521042FA57939C8BB93670@phx.gbl>
References: <BLU0-SMTP201E6E521042FA57939C8BB93670@phx.gbl>

On 09/29/2010 02:16 PM, Carmel wrote:
> While perusing my Apache httpd-error.log, I noticed a large number of
> attempts to access my phpmyadmin directory, as well as a few less known
> others. Most of these probes originated from China. Since I have no
> legitimate business dealing with that region, I decided to create a
> table in my IPFW firewall to block them. This is an example:
>
>
> ## IPFW Firewall Rules
>
> # Set rules command prefix
> cmd="ipfw -q add"
>
> # public interface name of NIC facing the public Internet
> pif="nfe0"
>
> # Let's start by listing known bad IP addresses and blocking them. We
> # will put them into a table for easier handling.
>
> ipfw -q table 1 add 60.0.0.0/8
> ipfw -q table 1 add 61.0.0.0/8
>
> $cmd set 1 deny log all from table\(1\) to any in via $pif
>
> The above is the first entry in my "rules" file. I know that IPFW is
> working since I have blocked other ports for other services and it has
> worked correctly.
>
> The problem is that these IPs are not being blocked. I continue to see
> them listed in the httpd-error.log. I have rebooted my machine and
> therefore am quite certain that these rules are being loaded.
>
> The problem is that I probably do not understand how to properly block
> an IP or range of IPs from accessing my web server correctly. I would
> really appreciate any assistance.
>
>
There is an archived thread on the FreeBSD forums
http://forums.freebsd.org/archive/index.php/t-10181.html
And a long list of ranges on http://www.parkansky.com/china.htm which
uses Apache's features to block these address ranges.
I see this also on our webservers, but it doesn't bother those servers or me.
Maybe try blocking those ranges first with a rule for each to get the right
subnets and put them in a table afterwards?

DISCLAIMER: This e-mail is for the intended recipient(s) only. Access, disclosure, copying,
distribution or reliance on any of it by anyone else is prohibited. If you have received it by
mistake please let us know by reply and then delete it from your system.
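
The reply's suggestion to "get the right subnets" first can be checked against the log itself. The following is an added example, not part of the original thread: it extracts client IPs from Apache 2.2-style error-log lines and reports which ones the table 1 entries from the post would match. The log lines, file paths and the 192.0.2.x / 198.51.100.x addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Table 1 entries exactly as given in the post.
TABLE_ENTRIES="60.0.0.0/8 61.0.0.0/8"

# Constructed sample log lines (Apache 2.2 error-log format, made-up paths).
SAMPLE_LOG='[Wed Sep 29 10:01:02 2010] [error] [client 60.12.34.56] File does not exist: /usr/local/www/phpmyadmin
[Wed Sep 29 10:03:17 2010] [error] [client 61.200.1.9] File does not exist: /usr/local/www/pma
[Wed Sep 29 10:05:44 2010] [error] [client 192.0.2.15] File does not exist: /usr/local/www/phpmyadmin
[Wed Sep 29 10:07:09 2010] [error] [client 198.51.100.7] File does not exist: /usr/local/www/favicon.ico
[Wed Sep 29 10:09:30 2010] [error] [client 60.12.34.56] File does not exist: /usr/local/www/mysql'

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeed if address $1 lies inside CIDR block $2.
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# Read an error log on stdin; print each distinct client IP and whether a
# table entry covers it. Uncovered IPs need their own subnet in the table.
audit_log() {
    sed -n 's/.*\[client \([0-9.]*\)\].*/\1/p' | sort -u | while read -r ip; do
        status="NOT-covered"
        for cidr in $TABLE_ENTRIES; do
            if in_cidr "$ip" "$cidr"; then status="covered by $cidr"; break; fi
        done
        echo "$ip $status"
    done
}

printf '%s\n' "$SAMPLE_LOG" | audit_log
```

On a real host, set TABLE_ENTRIES from the output of `ipfw table 1 list` and feed the actual httpd-error.log to `audit_log` on stdin. An address reported as covered that still appears in new log entries points at the rule itself (its position or set) rather than at the subnet list.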