Re: Simplest way to deny access to a class C

2011-03-04 Thread Patrick Gibson
.@freebsd.org >> > [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Patrick Gibson >> > Sent: Thursday, March 03, 2011 5:58 PM >> > To: Jorge Biquez >> > Cc: freebsd-questions@freebsd.org >> > Subject: Re: Simplest way to deny access to a class C

Re: Simplest way to deny access to a class C

2011-03-04 Thread Gary Gatten
Null (bogus) route that /24 seems the most simple to me: 5 seconds and no upgrades or add ons. - Original Message - From: Jorge Biquez [mailto:jbiq...@intranet.com.mx] Sent: Friday, March 04, 2011 08:07 PM To: freebsd-questions@freebsd.org Subject: Re: Simplest way to deny access to a

Re: Simplest way to deny access to a class C

2011-03-04 Thread Jorge Biquez
I wonder why nobodies mentioned a quite simple method with tcpwrappers and hosts.allow / hosts.deny also Hello. I guess something simple could work For some reason, don ask me why becasue I did not find why, the: Order Deny, Allow Deny IP Allow all under httpd.conf and outsite as .ht

Re: Simplest way to deny access to a class C

2011-03-04 Thread Robison, Dave
owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Patrick Gibson Sent: Thursday, March 03, 2011 5:58 PM To: Jorge Biquez Cc: freebsd-questions@freebsd.org Subject: Re: Simplest way to deny access to a class C You might consider mod_security (/usr/ports/www/mod

Re: Simplest way to deny access to a class C

2011-03-04 Thread Outback Dingo
sday, March 03, 2011 5:58 PM > > To: Jorge Biquez > > Cc: freebsd-questions@freebsd.org > > Subject: Re: Simplest way to deny access to a class C > > > > You might consider mod_security (/usr/ports/www/mod_security) which > > can be set up to ban hosts based on beh

Re: Simplest way to deny access to a class C

2011-03-04 Thread Patrick Gibson
tion... > > -Original Message- > From: owner-freebsd-questi...@freebsd.org > [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Patrick Gibson > Sent: Thursday, March 03, 2011 5:58 PM > To: Jorge Biquez > Cc: freebsd-questions@freebsd.org > Subject: Re: Simple

Re: Simplest way to deny access to a class C

2011-03-04 Thread David Brodbeck
On Thu, Mar 3, 2011 at 4:02 PM, Gary Gatten wrote: > Be careful of automated responses.  What if someone spoofs IP's of legit > users / customers / whatever and your automated response blocks them?  Not > good. Fortunately this is a relatively low risk with fail2ban, because to spoof a failed S

Re: Simplest way to deny access to a class C

2011-03-04 Thread krad
] On Behalf Of Patrick Gibson >> Sent: Thursday, March 03, 2011 5:58 PM >> To: Jorge Biquez >> Cc: freebsd-questions@freebsd.org >> Subject: Re: Simplest way to deny access to a class C >> >> You might consider mod_security (/usr/ports/www/mod_security) which >

RE: Simplest way to deny access to a class C

2011-03-03 Thread Jorge Biquez
attention... -Original Message- From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Patrick Gibson Sent: Thursday, March 03, 2011 5:58 PM To: Jorge Biquez Cc: freebsd-questions@freebsd.org Subject: Re: Simplest way to deny access to a class C You migh

RE: Simplest way to deny access to a class C

2011-03-03 Thread Gary Gatten
From: owner-freebsd-questi...@freebsd.org [mailto:owner-freebsd-questi...@freebsd.org] On Behalf Of Patrick Gibson Sent: Thursday, March 03, 2011 5:58 PM To: Jorge Biquez Cc: freebsd-questions@freebsd.org Subject: Re: Simplest way to deny access to a class C You might consider mod_security (/usr/port

Re: Simplest way to deny access to a class C

2011-03-03 Thread Patrick Gibson
You might consider mod_security (/usr/ports/www/mod_security) which can be set up to ban hosts based on behaviour or characteristics. Or fail2ban (/usr/ports/security/py-fail2ban) is really great, too, in that it scans whatever logs you want, and can trigger a block in your firewall if enough viol

Re: Simplest way to deny access to a class C

2011-03-03 Thread Frank Shute
On Thu, Mar 03, 2011 at 10:59:59AM -0600, Jorge Biquez wrote: > > Hello all. > > I am sorry in advance if this question sounds too stupid. > > I have a small server for personal use of webpages running: > > 7.3-PRERELEASE FreeBSD 7.3-PRERELEASE #0 > > it is working fine , no problem very stable

Re: Simplest way to deny access to a class C

2011-03-03 Thread Michael J. Kearney
Ps what log are you reading? Lol "Michael J. Kearney" wrote: Install a wins server to stop netbios requests and a dhcp server or denying the dhcp requests won't stop them. Use natd to forward them. Jorge Biquez wrote: Hello all. I am sorry in advance if this question sounds too stupid.

Re: Simplest way to deny access to a class C

2011-03-03 Thread Michael J. Kearney
Install a wins server to stop netbios requests and a dhcp server or denying the dhcp requests won't stop them. Use natd to forward them. Jorge Biquez wrote: Hello all. I am sorry in advance if this question sounds too stupid. I have a small server for personal use of webpages running: 7.3-P

Re: Simplest way to deny access to a class C

2011-03-03 Thread Nathan Vidican
Since you currently have NO firewall, then I would say the simplest method would be to turn one on, and create an open ruleset allowing all traffic, then add a filter rule to just block out what you do not want. However, having said this is the simplest way - it is not the best or even a really goo

Re: Simplest way to deny access to a class C

2011-03-03 Thread Gary Gatten
Adding null routes to the address space in question will prevent comms, but it won't stop traffic getting to you and then perhaps being logged. Some sort of firewall with a policy that denies them without logging? - Original Message - From: Jorge Biquez [mailto:jbiq...@intranet.com.mx] S