*BSD News Article 93831


Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!news.mel.connect.com.au!news.syd.connect.com.au!phaedrus.kralizec.net.au!news.mel.aone.net.au!news.netspace.net.au!news.mira.net.au!vic.news.telstra.net!news.telstra.net!news.att.net.au!news.att.net.hk!newsgate.cuhk.edu.hk!news-hk.gsl.net!news.gsl.net!news-peer.gsl.net!news-peer.sprintlink.net!news.sprintlink.net!sprint!howland.erols.net!feed1.news.erols.com!dispatch.news.demon.net!demon!fido.news.demon.net!demon!news2.euro.net!wirehub!orion
From: gerard at@ signet.nl (Gerard Haagh)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: Need help with IPFW and FreeBsd 2.1.7
Date: Thu, 17 Apr 97 16:56:59 GMT
Organization: Wirehub! Internet
Message-ID: <5j5kv0$bo6$1@thor.wirehub.nl>
References: <01bc4b32$64587ce0$664c1bcc@tony.gcr1.com>
NNTP-Posting-Host: asy15.signet.nl
X-Newsreader: News Xpress 2.0 Beta #0
Lines: 32
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:39283


In article <01bc4b32$64587ce0$664c1bcc@tony.gcr1.com>, "Tony" <tony@gcr1.com> wrote:
>I'm trying to get info on setting this up so that I can block ONLY a few 
>IPs from the box ...?? Any ideas ?
>
>Thanks,
>Tony
>-- 
>
>
>
>>>>> N5GPI WWW SITE - HTTP://WWW.GCR1.COM/N5GPI <<<<
>            Best Experienced with Microsoft Internet Explorer 2+
>

I assume that you have built a kernel with the firewall option set.

In /etc/rc.firewall, add the following lines:

    ipfw flush
    ipfw add reject all from ip-address/bits-in-netmask to any
    # ...repeat for each IP you want to block...
    ipfw add allow all from any to any


where "bits-in-netmask" is 24 for a class C network.
e.g.:  ipfw add reject all from 194.178.13.34/24 to any
to deny access from 194....34 to your box.
The reject line refuses all IP traffic, including DNS!

Gerard Haagh
gerard at signet.nl.
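
Added example (not part of the post above): ipfw(8) documents that an address/bits pattern matches every address sharing the masked prefix, so this sketch checks what a pattern covers and then prints rules in the layout shown in the post. The function names and the 192.0.2.0/24 sample entry are assumptions for illustration; the script only prints the commands and never calls ipfw.

```shell
#!/bin/sh
# Added example, not from the original post.

# Dotted-quad IPv4 -> integer on stdout; non-zero status if malformed.
ip_to_int() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Status 0 if address $1 is matched by pattern $2 ("addr" or "addr/bits"),
# 1 if not matched, 2 if either argument is malformed.
matches() {
    addr=$(ip_to_int "$1") || return 2
    net=$(ip_to_int "${2%%/*}") || return 2
    bits=32
    case "$2" in */*) bits=${2#*/} ;; esac
    case "$bits" in ''|*[!0-9]*|0?*|???*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    mask=0
    [ "$bits" -eq 0 ] || mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# Print the rule list in the post's layout for the given entries.
# Every entry is validated first; a bare address is emitted as-is,
# so only that one host is rejected.
gen_rules() {
    for entry in "$@"; do
        matches "${entry%%/*}" "$entry" || { echo "bad entry: $entry" >&2; return 1; }
    done
    echo "ipfw flush"
    for entry in "$@"; do
        echo "ipfw add reject all from $entry to any"
    done
    echo "ipfw add allow all from any to any"
}

# Constructed demo: the /24 pattern from the post also covers a neighbouring host.
matches 194.178.13.200 194.178.13.34/24 && echo "194.178.13.200 is covered by 194.178.13.34/24"
gen_rules 194.178.13.34 192.0.2.0/24
```

Because the reject rules are numbered before the final allow rule, a pattern that is wider than intended silently blocks every host in that range.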