On Sun, Mar 23, 2014 at 07:47:29AM -0700 I heard the voice of
Julian Elischer, and lo! it spake thus:
>
> comments welcome (bugs expected)
>
>
> /sbin/ipfw table add 13 0.0.0.0/8
> /sbin/ipfw table add 13 10.0.0.0/8
> /sbin/ipfw table add 13 169.254.0.0/16
> /sbin/ipfw table add 13 172.16.0.0/12
> /sbin/ipfw table add 13 192.0.2.0/24
> /sbin/ipfw table add 13 192.168.0.0/16
> /sbin/ipfw table add 13 224.0.0.0/4
> /sbin/ipfw table add 13 240.0.0.0/4
>
> /sbin/ipfw add 2002 set 0 reject ip from any to table(13)
Missing a couple martians, and this is a bit automatable.  It's sh,
after all.  Out of the script on one of my servers:

----------------------
# A table for ipv4 martians
# Source: http://www.team-cymru.org/Services/Bogons/bogon-bn-agg.txt
# NOTE: Source file doesn't have terminating newline; be sure to add one!
#       (the "|| [ -n "$block" ]" below also keeps the last line when
#       the newline is missing, so a bare "while read" can't drop it)
# ${ipfw} and ${mydir} are set earlier in the script (elided here).
mtable="100"
bogfile="${mydir}/bogon-bn-agg.txt"
if [ -r "$bogfile" ]; then
	${ipfw} table ${mtable} flush
	while read -r block || [ -n "$block" ]; do
		${ipfw} table ${mtable} add ${block}
	done < "$bogfile"
fi

# ... lots of stuff elided

# Ignore
${ipfw} add 1010 drop ip4 from table\(${mtable}\) to any
----------------------

Handy to just be able to randomly fetch(1) a new file and let the fw
keep up.  Though watch out for that lacking trailing newline; I've been
left without 224.0.0.0/3 (save a slot, eschew /4!) once or twice from
forgetting.

-- 
Matthew Fuller     (MF4839)   |  [email protected]
Systems/Network Administrator |  http://www.over-yonder.net/~fullermd/
           On the Internet, nobody can hear you scream.

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[email protected]"
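As an added example (not Matthew's script and not from the thread), here is a POSIX sh version of the same load step that keeps the last line whether or not the file ends in a newline, ignores comment and blank lines, and checks that each entry really is an IPv4 prefix before it reaches ipfw. That last check matters because the file is fetched off the network and then fed, line by line, to a root-run command. The table number, the dry-run `ipfw` variable and the sample file (which deliberately lacks a trailing newline) are constructed for the demo.

```shell
#!/bin/sh
# Added example, not the script from the thread: load a fetched bogon list
# into an ipfw table, surviving a missing trailing newline and refusing any
# line that is not a plain IPv4 prefix.  The table number, the dry-run ipfw
# command and the sample file below are assumptions made for this demo.

mtable="100"
ipfw="echo /sbin/ipfw"   # dry run: print the commands instead of running them

# Constructed sample in the style of bogon-bn-agg.txt: a comment header, a
# blank line, one malformed entry, and NO newline after the last prefix.
sample_file=$(mktemp)
trap 'rm -f "$sample_file"' EXIT
printf '# bogon-bn-agg sample (constructed)\n\n0.0.0.0/8\n10.0.0.0/8\n' > "$sample_file"
printf 'not-a-prefix\n127.0.0.0/8\n224.0.0.0/3' >> "$sample_file"

# is_ipv4_cidr PREFIX: succeed only for a.b.c.d/n with octets 0-255, n 0-32.
is_ipv4_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; plen=${1#*/}
    case "$plen" in ''|*[!0-9]*) return 1 ;; esac
    [ "$plen" -le 32 ] || return 1
    rest=$addr; i=0
    while [ "$i" -lt 4 ]; do
        case "$rest" in
            *.*) o=${rest%%.*}; rest=${rest#*.} ;;
            *)   o=$rest; rest='' ;;
        esac
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
        i=$((i + 1))
    done
    [ -z "$rest" ]            # anything left over means more than four octets
}

# load_bogons FILE: one "table add" per valid prefix.  Counts are left in
# BOGONS_LOADED / BOGONS_REJECTED.  The "|| [ -n "$line" ]" keeps the final
# line even when the file has no trailing newline, which is exactly how
# 224.0.0.0/3 goes missing with a bare "while read".
load_bogons() {
    BOGONS_LOADED=0; BOGONS_REJECTED=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                            # drop comments
        line=$(printf '%s' "$line" | tr -d ' \t\r') # and stray whitespace/CR
        [ -n "$line" ] || continue
        if is_ipv4_cidr "$line"; then
            $ipfw table "$mtable" add "$line"
            BOGONS_LOADED=$((BOGONS_LOADED + 1))
        else
            printf 'skipping bad entry: %s\n' "$line" >&2
            BOGONS_REJECTED=$((BOGONS_REJECTED + 1))
        fi
    done < "$1"
}

load_bogons "$sample_file"
echo "loaded $BOGONS_LOADED prefixes, rejected $BOGONS_REJECTED" >&2
```

Swap `ipfw="echo /sbin/ipfw"` for `ipfw=/sbin/ipfw` to apply the commands for real; the validation is what makes it reasonably safe to point the loop at whatever the last fetch(1) brought down.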
