FreeBSD / OpenBSD: PF Firewall Blocking IP Address & Subnets
February 5th, 2010
How do I configure tables to drop a large number of IPs?
Open the pf.conf file, enter:
# nano /etc/pf.conf
Add the following code:
# the table name in <> is arbitrary; it must match the name used in the block rule
table <blockedips> persist file "/etc/pf.blocked.ip.conf"
ext_if="em1" # interface connected to internet
Add the following rule to drop and log all IPs / subnets listed in the /etc/pf.blocked.ip.conf file:
block drop in log (all) quick on $ext_if from <blockedips> to any
Save and close the file. Now create the /etc/pf.blocked.ip.conf file using the nano text editor, enter:
# nano /etc/pf.blocked.ip.conf
Sample contents:
192.168.1.0/24
202.54.1.5
# 202.54.4.5
The file /etc/pf.blocked.ip.conf should contain a list of IP addresses and/or CIDR network blocks, one per line. Any line beginning with # is treated as a comment and ignored by pf.
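Because the block rule uses quick, an entry that covers the address you administer the firewall from cuts off that access as soon as the table loads, so it is worth checking the file before reloading. The following is an added example, not part of the original post: the names check_blocklist and protected are assumptions, and the sample text is constructed in the file format described above.

```python
import ipaddress

# Constructed sample in the page's format: one IP or CIDR per line, '#' comments.
SAMPLE = """\
192.168.1.0/24
202.54.1.5
# 202.54.4.5
202.54.1.5
10.0.0.300
"""

def check_blocklist(text, protected=()):
    """Check the body of a pf table file.

    protected: addresses that must never be blocked (assumed: your admin hosts).
    Returns (networks, problems); problems holds (line number, entry, reason).
    """
    networks, problems, seen = [], [], set()
    guard = [ipaddress.ip_address(a) for a in protected]
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue  # blank line or comment
        try:
            # strict=False accepts a host address written with a prefix length
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            problems.append((lineno, entry, "not an IP address or CIDR block"))
            continue
        if net in seen:
            problems.append((lineno, entry, "duplicate entry"))
            continue
        seen.add(net)
        hit = [str(a) for a in guard if a in net]
        if hit:
            problems.append((lineno, entry, "covers protected address " + ", ".join(hit)))
            continue
        networks.append(net)
    return networks, problems

if __name__ == "__main__":
    nets, probs = check_blocklist(SAMPLE, protected=["192.168.1.10"])
    for lineno, entry, reason in probs:
        print(f"line {lineno}: {entry}: {reason}")
    print("entries that passed:", ", ".join(str(n) for n in nets))
```
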
To load new rules, simply type:
# sh /root/reloadpf
