Importing into rc.firewall rules
Andrew Konstantinov
abkonstantinov at earthlink.net
Sat Nov 20 20:22:33 PST 2004
On Sat, Nov 20, 2004 at 01:32:15PM -0500, Francisco Reyes wrote:
> I have a growing list of IPs that I am "deny ip from ###.### to any".
> Infected machines, hackers, etc.
>
> Is there a way to have this list outside of rc.firewall and just read it
> in?
I don't know how strong your bond with ipfw is, but it seems like pf has
exactly what you need. For example:
#--- excerpts from pf documentation ---
Tables can also be populated from text files containing a list of IP addresses
and networks:
table <spammers> persist file "/etc/spammers"
block in on fxp0 from <spammers> to any
Tables can be manipulated on the fly by using pfctl(8). For instance, to add
entries to the <spammers> table created above:
# pfctl -t spammers -T add 218.70.0.0/16
#--- excerpts from pf documentation ---
If ipfw isn't a tradition in your family, you might want to consider switching
to pf for those specific needs. :)
Andrew
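The pf excerpt above loads a table straight from a text file, which means a single malformed line makes pfctl reject the whole file (and, if that file is referenced from pf.conf, the whole ruleset). The following POSIX sh script is an added example, not part of Andrew's reply or of the pf documentation: it validates an IPv4 blocklist file line by line, reports every bad line, and only then prints the pfctl(8) commands that would add the entries to the table. The table name <spammers> and the 218.70.0.0/16 prefix come from the thread; the sample file is constructed inline, and the helper names (valid_cidr, parse_blocklist, load_table) are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post or the pf documentation):
# validate a pf-table blocklist file before loading it.  One IPv4 address or
# CIDR prefix per line, '#' starts a comment.  Because one bad line makes
# pfctl reject the whole file, nothing is emitted until every line parses.
# Table name and helper names are hypothetical.
set -f   # never glob: list lines come from a file, not from a trusted shell

TABLE=${TABLE:-spammers}

# valid_cidr ADDR[/PREFIX]: succeed if ADDR is four dotted octets in 0..255
# and PREFIX (default 32) is in 0..32.  IPv4 only.
valid_cidr() {
    case $1 in
        */*) addr=${1%%/*}; prefix=${1#*/} ;;
        *)   addr=$1;        prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# parse_blocklist FILE: print the valid entries, one per line; report every
# rejected line on stderr; return 1 if any line was rejected.
parse_blocklist() {
    file=$1; status=0; lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        set -- ${line%%#*}          # drop the comment, split on blanks
        [ $# -eq 0 ] && continue    # blank or comment-only line
        if [ $# -eq 1 ] && valid_cidr "$1"; then
            printf '%s\n' "$1"
        else
            printf 'line %d rejected: %s\n' "$lineno" "$line" >&2
            status=1
        fi
    done < "$file"
    return $status
}

# load_table TABLE FILE: print the pfctl(8) command that adds each validated
# entry; print nothing and return 1 if the file contains any bad line.
load_table() {
    entries=$(parse_blocklist "$2") || return 1
    for e in $entries; do
        printf 'pfctl -t %s -T add %s\n' "$1" "$e"
    done
}

# Constructed sample list (documentation ranges, not real offenders); written
# to a temporary file so the example runs stand-alone.
SAMPLE_FILE=$(mktemp) || exit 1
trap 'rm -f "$SAMPLE_FILE"' EXIT
cat > "$SAMPLE_FILE" <<'EOF'
# constructed blocklist for the example
218.70.0.0/16          # the prefix from the pf documentation excerpt
192.0.2.7              # bare host address
198.51.100.0/24 ; why  # stray text after the entry -> rejected
203.0.113.999          # octet out of range -> rejected
10.0.0.0/33            # prefix out of range -> rejected
EOF

if load_table "$TABLE" "$SAMPLE_FILE"; then
    echo "ok: pipe the commands above to sh as root"
else
    echo "refusing to load <$TABLE>: fix the rejected lines first" >&2
fi
```

Run as is, the script reports the three bad lines and emits no pfctl command; once the file is clean, `load_table spammers /etc/spammers | sh` adds the entries, or `pfctl -t spammers -T replace -f /etc/spammers` swaps the whole table for the file contents in one step. Either way, keep the check between the list you maintain and the firewall that reads it: a blocklist is root-controlled input, and a typo should fail the load, not silently drop the rules around it.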