Blacklist IP file for IPFW?
Andreas X
hamdi20193d at gmail.com
Tue Feb 18 14:00:39 UTC 2020
Hello Robert,
Thanks for your reply. Sure, here's the entire IPFW ruleset:
https://hastepaste.com/view/PqDX5sl
(allow IPs are just Cloudflare's IPs)
Please see the line:
00350 15 882 deny ip from table(1) to any
(BANS the IPs from table 1 successfully)
BUT if that line would be:
65500 15 882 deny ip from table(1) to any
(It doesn't ban anything)
Thank you all,
Regards.
On Tue, 18 Feb 2020 at 16:27, Robert Huff <roberthuff at rcn.com> wrote:
>
> Andreas X writes:
>
> > Question is: If I don't add the rule number 00350 to that command,
> > that rule gets located in the 65000s, and ipfw doesn't block the IPs in
> > the table at all. I wanted to ask why it reacts like that; shouldn't IPFW
> > still do the job (deny) even if the rule number belongs to the last ones?
>
> I am not an IPFW expert ... but:
> It is my understanding IPFW stops processing a packet after the
> first rule that matches that packet. Am I wrong?
> If not, this suggests somewhere between rule 351 and rule
> 650000(-ish) is a rule that matches the packet and keeps it from
> getting processed by anything lower in the list.
> Would you be willing to publish your entire IPFW ruleset?
>
>
>
> Respectfully,
>
>
> Robert Huff
>
>
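
Added example (not part of the original messages, and not the poster's ruleset): a small Python model of ipfw's first-match evaluation for allow/deny rules, showing why the same deny rule takes effect at 350 but is never reached at 65500 when an earlier allow rule matches the same source. The addresses, the allow rule at 1000 and its range are constructed assumptions, and only source addresses are modelled.

```python
import ipaddress

# Constructed sample data; none of it comes from the poster's ruleset.
TABLE_1 = [ipaddress.ip_network("198.51.100.77/32")]   # "banned" source in table(1)
ALLOWED = [ipaddress.ip_network("198.51.100.0/24")]    # hypothetical allow range
ANY = [ipaddress.ip_network("0.0.0.0/0")]


def build_ruleset(deny_number):
    """Return (number, action, sources) rules in the order ipfw walks them."""
    rules = [
        (deny_number, "deny", TABLE_1),  # deny ip from table(1) to any
        (1000, "allow", ALLOWED),        # hypothetical: allow ip from <range> to any
        (65535, "deny", ANY),            # built-in default rule (deny unless the
                                         # kernel is built to default to accept)
    ]
    return sorted(rules, key=lambda rule: rule[0])


def evaluate(rules, src):
    """First match wins: the first rule whose sources contain src decides."""
    addr = ipaddress.ip_address(src)
    for number, action, nets in rules:
        if any(addr in net for net in nets):
            return number, action
    raise RuntimeError("unreachable: rule 65535 matches every packet")


def verdict(deny_number, src):
    """Rule number and action that decide a packet from src."""
    return evaluate(build_ruleset(deny_number), src)


def shadowed_by(deny_number):
    """List (table entry, deciding rule) pairs where an earlier rule
    pre-empts the table(1) deny, i.e. the ban never takes effect."""
    hits = []
    for net in TABLE_1:
        number, action = verdict(deny_number, str(net.network_address))
        if number != deny_number:
            hits.append((str(net), number, action))
    return hits


if __name__ == "__main__":
    for n in (350, 65500):
        print(n, verdict(n, "198.51.100.77"), shadowed_by(n))
```

On a live system the equivalent check is to read `ipfw list` from the top and find the first rule that matches a banned address; the table deny has to sit above it.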