Importing into rc.firewall rules

Andrew Konstantinov abkonstantinov at earthlink.net
Sat Nov 20 20:22:33 PST 2004


On Sat, Nov 20, 2004 at 01:32:15PM -0500, Francisco Reyes wrote:
> I have a grown list of IPs that I am "deny ip from ###.### to any".
> Infected machines, hackers, etc.
> 
> Is there a way to have this list outside of rc.firewall and just read it 
> in?

I don't know how strong your bond with ipfw is, but it seems like pf has
exactly what you need. For example:

#--- excerpts from pf documentation ---

Tables can also be populated from text files containing a list of IP addresses
and networks:

  table <spammers> persist file "/etc/spammers"
  block in on fxp0 from <spammers> to any

Tables can be manipulated on the fly by using pfctl(8). For instance, to add
entries to the <spammers> table created above:

  # pfctl -t spammers -T add 218.70.0.0/16

#--- excerpts from pf documentation ---

If ipfw isn't a tradition in your family, you might want to consider switching
to pf for those specific needs. :)

Andrew
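The original question was how to keep a growing "deny ip from X to any" list in a file outside rc.firewall. As an added example (not from this thread or from either project), the POSIX sh script below renders such a file into `ipfw add ... deny` commands, skipping comments and blank lines and rejecting malformed entries so a typo in the list cannot silently become a rule that matches nothing; the file path and starting rule number are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: render a plain-text blocklist
# (one IPv4 address or CIDR per line, '#' comments allowed) into ipfw rules.

# Return 0 if $1 is a syntactically valid IPv4 address or CIDR prefix.
valid_ipv4_cidr() {
    addr=${1%%/*}
    mask=${1#*/}
    [ "$mask" = "$1" ] && mask=32          # no "/len" given: host address
    case "$mask" in ''|*[!0-9]*) return 1 ;; esac
    [ "$mask" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                           # split on dots into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: render_ipfw_rules FILE [FIRST_RULE_NUMBER]
# Prints one "ipfw add N deny ip from ENTRY to any" line per valid entry;
# malformed entries are reported on stderr and skipped.
render_ipfw_rules() {
    file=$1
    num=${2:-1000}                         # assumed starting rule number
    while IFS= read -r line || [ -n "$line" ]; do
        entry=${line%%#*}                  # drop trailing comment
        entry=$(printf '%s' "$entry" | tr -d ' \t')
        [ -z "$entry" ] && continue
        if valid_ipv4_cidr "$entry"; then
            printf 'ipfw add %d deny ip from %s to any\n' "$num" "$entry"
            num=$((num + 1))
        else
            printf 'skipping malformed entry: %s\n' "$entry" >&2
        fi
    done < "$file"
}

# Example invocation (assumed path): render_ipfw_rules /etc/blocklist 1000 | sh
```

The same validated entries can be fed to `pfctl -t spammers -T add` if you take the pf route the reply suggests.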