[email protected] wrote:
Greetings,
I know very little about creating an initial pf.conf.
I know /very/ /much/ that I want/need PF, and will need a fair amount
of time to "tune" pf to work optimally for each server.
BUT, in an effort to get started, I'm hoping that some kind soul will
provide me with a very basic pf.conf that will not interrupt the
current application/server block policies I already have in place -
which is to say, I currently block at the application/server, but hope
to merge (transfer) them to PF. So, can anyone share a pf.conf that will
allow all, but block ALL_EVIL_IP requests on ALL ports?
In other words, if I only wanted to block (drop) ALL traffic coming from a
/single/ IP address. How would I do it?
I have one (active) NIC in each of my servers, and there are anywhere from 3
to 12 IPs aliased to them above and beyond the IP assigned to the host
itself. All addresses are fully qualified, internet-routable addresses
(no internal/private IPs).

If you really need to block one IP, you can use the following simple ruleset:
block in quick from 10.20.30.40 to any
pass all
If you need to block more than one address, or you need easy
manipulation of the list of addresses, you can use tables in the ruleset:
table <badguys> persist file "/etc/pf.badguys.table"
block in quick from <badguys> to any
pass all
You can put IPs into the persistent file /etc/pf.badguys.table; these IPs
will be loaded at boot time. You can add/remove addresses on the fly
with the pfctl command:
pfctl -t badguys -T add 10.11.12.13
pfctl -t badguys -T delete 10.11.12.13
Miroslav Lachman
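The following is an added example, not code from the list post or from the FreeBSD project, showing how to keep the persistent file and the live table from the reply above in step. The point it illustrates: "pfctl -t badguys -T add" and "-T delete" change only the table in the kernel, while the file named in "table <badguys> persist file ..." is read again only when the ruleset is (re)loaded, so an address added on the fly is lost at the next reboot unless it is also written to the file. The table name and file path are the ones from the reply; the function names, the APPLY_LIVE switch (set to 0 to skip pfctl, for instance when testing as a non-root user) and the PF_CONF path are my own assumptions.

```sh
#!/bin/sh
# Added example (not from the list post): maintain /etc/pf.badguys.table and
# the live <badguys> table together, validating each address before it is
# written, since one malformed entry makes pf reject the whole file at load.
# Assumed (mine): table name and file path from the post; APPLY_LIVE=0 skips
# pfctl entirely; PF_CONF is the ruleset checked/loaded by pf_reload.

TABLE_NAME="${TABLE_NAME:-badguys}"
TABLE_FILE="${TABLE_FILE:-/etc/pf.badguys.table}"
PF_CONF="${PF_CONF:-/etc/pf.conf}"
APPLY_LIVE="${APPLY_LIVE:-1}"

# is_ipv4 ADDR[/PREFIX]: succeed only for a well-formed IPv4 host or network.
# Rejects anything that is not digits and dots, so typos and shell
# metacharacters never reach the table file or the pfctl command line.
is_ipv4() {
    addr="${1%/*}"
    case "$1" in
        */*) pfx="${1#*/}" ;;
        *)   pfx=32 ;;
    esac
    case "$pfx" in ''|*[!0-9]*) return 1 ;; esac
    [ "$pfx" -le 32 ] || return 1
    # only digits and dots; no empty, leading, trailing or doubled dots
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs="$IFS"; IFS=.
    set -- $addr
    IFS="$oldifs"
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# live_pfctl ARGS...: run pfctl when enabled and installed, otherwise no-op.
live_pfctl() {
    [ "$APPLY_LIVE" = 1 ] || return 0
    command -v pfctl >/dev/null 2>&1 || return 0
    pfctl "$@"
}

# badguys_add ADDR: append ADDR to the file once, then add it to the live table.
badguys_add() {
    is_ipv4 "$1" || { echo "badguys_add: rejected '$1'" >&2; return 1; }
    [ -f "$TABLE_FILE" ] || : > "$TABLE_FILE"
    grep -qxF -- "$1" "$TABLE_FILE" || printf '%s\n' "$1" >> "$TABLE_FILE"
    live_pfctl -t "$TABLE_NAME" -T add "$1"
}

# badguys_delete ADDR: remove ADDR from the file and from the live table.
badguys_delete() {
    is_ipv4 "$1" || { echo "badguys_delete: rejected '$1'" >&2; return 1; }
    if [ -f "$TABLE_FILE" ]; then
        # grep -v exits 1 when no line is left, which is not an error here
        grep -vxF -- "$1" "$TABLE_FILE" > "$TABLE_FILE.tmp" || :
        mv "$TABLE_FILE.tmp" "$TABLE_FILE"
    fi
    live_pfctl -t "$TABLE_NAME" -T delete "$1"
}

# badguys_count: number of entries currently in the persistent file.
badguys_count() {
    if [ -f "$TABLE_FILE" ]; then
        grep -c '' "$TABLE_FILE" || :
    else
        echo 0
    fi
}

# pf_reload: parse-check the ruleset (-n) before loading it for real, so a
# typo in pf.conf or a bad table entry never leaves the box without rules.
pf_reload() {
    live_pfctl -nf "$PF_CONF" && live_pfctl -f "$PF_CONF"
}
```

Two points worth keeping in mind with the ruleset from the reply: "block in quick from <badguys> to any" has no "on" clause and matches any destination, so it covers every address aliased onto the interface, which answers the original question about multiple aliased IPs; and it is an inbound rule only, so the host can still initiate traffic to a listed address. Run "pfctl -nf /etc/pf.conf" (as pf_reload does) after editing the table file or the ruleset, before loading it.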
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"