Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 27 Mar 2002 00:16:12 -0800
From:      "Crist J. Clark" <cjc@FreeBSD.ORG>
To:        Tony Saign <tony@saign.com>
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: Rule to ignore/drop traffic from entire subnet??
Message-ID:  <20020327001612.N89885@blossom.cjclark.org>
In-Reply-To: <000401c1d540$3adf71f0$1401a8c0@frankenmobl>; from tony@saign.com on Tue, Mar 26, 2002 at 07:33:58PM -0800
References:  <000401c1d540$3adf71f0$1401a8c0@frankenmobl>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Tue, Mar 26, 2002 at 07:33:58PM -0800, Tony Saign wrote:
> I have noticed certain IP address blocks (mostly from overseas),
> generating large logs on my router system.
> 
> Is it possible to just drop/ignore and log all traffic originating from
> these
> subnets without affecting system performance with a rule or rules?

Sure, but...

> Mar 24 00:19:55 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.72 <snip> in
> via fxp0
> Mar 24 00:19:58 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.72 <snip> in
> via fxp0
> Mar 24 00:21:18 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.70 <snip> in
> via fxp0
> Mar 24 00:21:21 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.70 <snip> in
> via fxp0
> Mar 24 00:22:58 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.65 <snip> in
> via fxp0
> Mar 24 00:23:01 /kernel: ipfw: 3000 Deny ICMP:8.0 216.52.65.65 <snip> in
> via fxp0

The problem is deciding which networks to block. This particular
address is not "overseas" which your first sentence would imply. It
is very difficult, and often not possible, to determine where large
blocks of address space reside in the physical world.
-- 
Crist J. Clark                     |     cjclark@alum.mit.edu
                                   |     cjclark@jhu.edu
http://people.freebsd.org/~cjc/    |     cjc@freebsd.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?20020327001612.N89885>