pf
el kalin
kalin at el.net
Tue Jun 30 08:52:32 UTC 2015
what exactly needs to happen in pf.conf so a range of ips gets blocked?!
in this case the range in <badstuff> is not blocked. i tried putting the
block right after the table declaration also… nothing spectacular
happened..
any help would be appreciated… thanks…
here is my ruleset:
table <badstuff> { 46.19.139.0/24 }
tcp_in = "{ domain, www, https }"
udp = "{ domain, ntp, snmp }"
ping = "echoreq"
set skip on lo
scrub in
antispoof for bge0 inet
block in all
pass out all keep state
### for traceroutes
pass out inet proto udp from any to any port 33433 >< 33626 keep state
pass proto udp to any port $udp
##icmp
pass inet proto icmp all icmp-type $ping keep state
## passing in
##pass in inet proto tcp to any port $tcp_in keep state
pass in inet proto tcp to any port $tcp_in flags S/SAF synproxy state
pass proto tcp to any port ssh
block in on bge0 from { <badstuff> } to any