Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 3 Mar 2011 12:12:58 -0500
From:      Nathan Vidican <nathan@vidican.com>
To:        Jorge Biquez <jbiquez@intranet.com.mx>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Simplest way to deny access to a class C
Message-ID:  <AANLkTi=hB7kmAE7d1MAe=sHtbqL5ge18bGAC3s7f2nom@mail.gmail.com>
In-Reply-To: <3382016411-764985335@intranet.com.mx>
References:  <3382016411-764985335@intranet.com.mx>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Since you currently have NO firewall, then I would say the simplest method
would be to turn one on, and create an open ruleset allowing all traffic,
then add a filter rule to just block out what you do not want. However,
having said this is the simplest way - it is not the best or even a really
good way. Firewall should be inclusive; designed to only allow what you DO
want and ignore/drop everything else. Please see:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls.html for
a good explanation and overview. Some firewalls can be used as modules with
the generic kernel, some will require you to compile a custom kernel - again
there are advantages/disadvantages to either approach. Personally I use IPFW
for simple stuff, and PF when it gets more complex, but that's just me.

On Thu, Mar 3, 2011 at 11:59 AM, Jorge Biquez <jbiquez@intranet.com.mx>wrote:

> Hello all.
>
> I am sorry in advance if this question sounds too stupid.
>
> I have a small server for personal use of webpages running:
>
> 7.3-PRERELEASE FreeBSD 7.3-PRERELEASE #0
>
> it is working fine , no problem very stable.
>
> I just need to block some IP class C address that are always trying to
> "discover" directories or applications under the web server. They do not do
> and can not do anything since this server has nothing installed but i am
> tired of seeing in the logs all the intents they do every 2-3 seconds.
>
> I have not installed any kind of firewall yet.
> What do you think is the best way to accomplish this task? If possible the
> easiest one. I do not want to do anything else but just bloc IP's, at this
> moment at least.
>
> Thanks in advance.
>
> Jorge Biquez
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "
> freebsd-questions-unsubscribe@freebsd.org"
>



-- 
Nathan Vidican
nathan@vidican.com
(519) 962-9987 (Canada)
(313) 586-1982 (USA)



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?AANLkTi=hB7kmAE7d1MAe=sHtbqL5ge18bGAC3s7f2nom>