>From [EMAIL PROTECTED] Fri Dec 3 14:04:51 2004 > I'm trying to stop flagrant atempts at mail relaying and ssh probing on >my various boxes. I'm running ipfilter. I was wondering a few things: >firstly, is it possible to block regardless of protocol? Currently i've got: >block in quick on interface from ip proto tcp/udp to any >block in quick on interface from ip proto icmp to any >i'd like to shut these IP's down by one rule if possible. Secondly, i was >wondering is it possible to put a list of IP's in an external file and have >them dynamically added?
Hi Dave, I believe the answer is yes block in quick on interface from ip to any and just to be secure block out quick on interface from any to ip you don't have to have protocol at all As to utilizing the external list to generate block rules, check the archive of this email list for posts from me. I have several links to where I have ongoing development of scripts to do just that. Thanks, gene
