  1. #1
    Join Date
    Mar 2005
    Posts
    306

    how to block ip in freebsd

    Hi

    There is an IP attacking my server. How do I block this IP in FreeBSD?

  2. #2
    Assuming you have iptables installed ....

    iptables -I INPUT -s 25.55.55.55 -j DROP

    Just replace the 25.55.55.55 with the attacking IP.

    Also, you might want to consider installing something like BFD to automatically take care of this in the future.
    Your Way IT
    Fully Managed Colocations System Administration Web Development
    Toll Free: 1-866-775-4787

  3. #3
    Join Date
    Mar 2005
    Posts
    306
    But I think FreeBSD does not have iptables.

  4. #4
    You're completely right. Sorry, I've just been installing APF and BFD all morning so I just read your post too quick.

    For starters, throw the IP in /etc/hosts.deny. I believe there are BSD equivalents of iptables but I have not used them. A quick Google search did turn up some results of programs called ipfilter and ipnat.

    This URL may also be helpful: http://www.freebsd.org/doc/en_US.ISO...alls-apps.html

  5. #5
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,262
    ipfw add deny from 196.168.2.1 to any

    If you have ipfw in your kernel. You could also load it with kldload in most cases.
    Steven Ciaburri | Proactive Linux Server Management - Rack911.com
    System Administration Extraordinaire | Follow us on twitter:@Rack911Labs
    Managed Servers (AS62710), Server Management, and Security Auditing.
    www.HostingSecList.com - Security notices for the hosting community.

  6. #6
    Join Date
    Mar 2005
    Posts
    306
    I want to use ipfw and ipf. Can anybody provide the exact command?

  7. #7
    Join Date
    Oct 2005
    Location
    Fleet Street
    Posts
    3,243
    I want to use ipfw and ipf. Can anybody provide the exact command?
    Steven just did...
    ipfw add deny from 196.168.2.1 to any
    where 192.168.2.1 is the ip you want to block (although adding in via type to the end would be better )

    If you don't have ipfw loaded, I'd highly recommend recompiling your kernel with it, but as Steven said, you can probably also use kldload to load it.

  8. #8
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,873
    The correct way would be:

    ipfw deny ip from <ipaddress> to any via <interface>

    Example:
    ipfw deny ip from 1.2.3.4 to any via bge0

    You can get your interface name by typing ifconfig...

  9. #9
    Join Date
    Jul 2001
    Location
    Singapore
    Posts
    1,790
    Quote Originally Posted by Pat H
    The correct way would be:

    ipfw deny ip from <ipaddress> to any via <interface>

    Example:
    ipfw deny ip from 1.2.3.4 to any via bge0

    You can get your interface name by typing ifconfig...
    Steven's one is good enough, whereas yours lacks the add command in your ipfw... ...
    Giam Teck Choon
    :: Join choon.net Community today to share your tips and tricks on server issues please ::
    :: Singapore Dedicated Servers :: Singapore Virtual Private Servers :: Linux/FreeBSD Server Management ::

  10. #10
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,262
    Quote Originally Posted by Pat H
    The correct way would be:

    ipfw deny ip from <ipaddress> to any via <interface>

    Example:
    ipfw deny ip from 1.2.3.4 to any via bge0

    You can get your interface name by typing ifconfig...

    If you are going to contradict a method of doing something at least make sure yours is correct. The interface is not required.

  11. #11
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,873
    Quote Originally Posted by choon
    Steven's one is good enough, whereas yours lacks the add command in your ipfw... ...
    Steven's also doesn't work?

    # ipfw add deny from 196.168.2.1 to any
    ipfw: unrecognised option [-1] from


  12. #12
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,873
    Quote Originally Posted by Steven
    If you are going to contradict a method of doing something at least make sure yours is correct. The interface is not required.
    I'm not contradicting anything. I posted a working way to block an IP address, but you are correct that the interface isn't really needed.

    You're the last person I want to get into a technical "show down" with.

  13. #13
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,262
    Guess we both forgot part of it. You forgot the add and I forgot the ip.

    LA1063# ipfw add deny ip from 196.168.2.1 to any
    00200 deny ip from 196.168.2.1 to any
    LA1063#

  14. #14
    Join Date
    Jul 2003
    Location
    Texas
    Posts
    785
    I would not use 'ipfw' if you're new to it. It has a nice way of locking you out completely if you do not have an open ruleset ready to load or a custom kernel telling it to pass all by default. 'pf' on the other hand is very easy to use and quite tame.

    See below and enjoy

    Paste this into a new copy of your '/etc/pf.conf'

    ### start

    # External
    ext_if = "em1"
    set loginterface $ext_if
    set block-policy drop

    # Any host or range listed in this macro will be blocked.
    badguys="{ 192.168.1.100, 192.160.1.2, 192.168.200.0/24 }"

    # With logging ( chews up CPU during DDoS )
    # block in log quick on $ext_if from $badguys

    # Without logging
    block in quick on $ext_if from $badguys

    ### End

    Paste this into '/etc/pf.conf.open'. You will need to create a new file for this.

    ### start

    pass all

    ### end

    Then run the following as root via ssh

    kldload pf.ko

    # Enable PF on boot via rc.conf
    grep pf_ /etc/defaults/rc.conf | sed 's/NO/YES/g' >> /etc/rc.conf

    # Enable PF real time ( should not lock you out )
    pfctl -e
    # View the rules / Test
    pfctl -vvv -nf /etc/pf.conf

    # When you see no syntax errors you can try them out for 60 seconds
    # note you will freeze the current ssh term when this happens. Have a second
    # ready to test with.

    pfctl -v -f /etc/pf.conf; sleep 60 ; pfctl -v -f /etc/pf.conf.open

    # Once the rules are all good you can load them

    pfctl -vvv -f /etc/pf.conf

    # To view stats ( remove 'v's to lower verbosity )

    pfctl -sa -vvvv

    # Disable pf
    pfctl -d

    See http://www.openbsd.org/faq/pf

    For more details.

    Jeremy
    Last edited by Cirrostratus; 07-14-2006 at 03:05 AM.

  15. #15
    Join Date
    Jul 2003
    Location
    Texas
    Posts
    785
    Forgot one important line.

    Put this right after the 'badguys' line

    # Example

    badguys="{ 192.168.1.100, 192.160.1.2, 192.168.200.0/24 }"

    # Pass all by default
    pass all
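
Added example, not part of the original thread: a small sh helper that vets an address before it is turned into the ipfw rule from post #13 or the badguys macro from post #14, and refuses to block the address of your own SSH session (the lockout risk raised in post #14). The function names are hypothetical, and it handles single IPv4 addresses only, not the CIDR ranges the macro also accepts.

```sh
#!/bin/sh
# Added example: vet an address before it becomes a firewall rule.

# is_ipv4 ADDR: succeed only for a dotted quad, octets 0-255, no leading zeros
# (some address parsers read a leading zero as octal).
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# check_target ADDR: reject malformed input (2) and your own SSH client (3).
# sshd sets SSH_CLIENT to "client_ip client_port server_port".
check_target() {
    is_ipv4 "$1" || { echo "refusing: '$1' is not a plain IPv4 address" >&2; return 2; }
    if [ -n "${SSH_CLIENT:-}" ] && [ "$1" = "${SSH_CLIENT%% *}" ]; then
        echo "refusing: $1 is the address of this SSH session" >&2
        return 3
    fi
}

# block_rule ADDR: print the ipfw command in the form shown in post #13.
block_rule() {
    check_target "$1" || return $?
    echo "ipfw add deny ip from $1 to any"
}

# pf_macro ADDR...: print a badguys macro line in the form used in post #14.
pf_macro() {
    list=
    for ip in "$@"; do
        check_target "$ip" || return $?
        list="${list:+$list, }$ip"
    done
    [ -n "$list" ] || return 2
    echo "badguys=\"{ $list }\""
}

# Print (do not run) the rule for an address given on the command line.
if [ "$#" -gt 0 ]; then block_rule "$1"; fi
```

The helper only prints the rule; review the output and run it yourself as root.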
