2007/9/15, Mel <[EMAIL PROTECTED]>:
>
> On Saturday 15 September 2007 23:18:17 Agus wrote:
> > I am trying to figure out how to add a firewall rule with pfctl...
> > This is what I'm trying to do...
> >
> > I've got SEC that matches a certain pattern and takes the IP from that and
> > want to trigger a firewall rule to block that IP....
> > Then after a couple of hours SEC will trigger the command to un-block the
> > IP...
> > So what I need is the command to block an IP address from the command line,
> > not touching any pf.conf....
>
> If you don't need to add a rule but an IP, then tables are your friend.
> Example for /etc/pf.conf:
>
> # Placeholder for spammers table, non-routable network IP.
> table <spammers> persist { 192.168.111.111 }
> # Block this traffic
> block return-rst in log on $ext_if proto tcp from <spammers> port smtp
>
> Then on the command line:
> /sbin/pfctl -t spammers -Tadd ip.from.new.spammer
> And to delete:
> /sbin/pfctl -t spammers -Tdel ip.from.old.spammer
>
> --
> Mel
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
>
Hi,

I put this in /etc/pf.conf:

external_addr="192.168.1.11"

which is the address of the only interface. This machine isn't a router.

block drop in quick on $ext_if inet proto tcp from 192.168.0.1 to $external_addr port ssh

but when I try to connect from 192.168.0.1 I connect with no problems... this rule is to block access..

What am I doing wrong.. it's my first time with pf...

Thanks...
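The workflow Agus describes at the top of the thread (a log watcher matches a pattern, pulls the source IP out of the line, adds it to a pf table, and removes it again a couple of hours later) is easy to get subtly wrong: the captured text goes straight onto a command line, and blocks that are never released accumulate. The script below is an added example written for this thread, not code from Mel, Agus or the SEC project. It assumes Mel's table name "spammers", the FreeBSD path /sbin/pfctl, and a constructed sshd log format; the commands are built as argv lists (no shell) and the address is validated before it gets anywhere near pfctl. The demo() function runs with a recording callback instead of executing pfctl, so it can be tried on a box without pf.

```python
"""Block-and-expire helper for a pf table (added example, not from the thread).

Assumptions: table 'spammers' (Mel's pf.conf example), pfctl at /sbin/pfctl,
and the sshd 'Failed password' log lines below are constructed samples.
"""
import ipaddress
import re
import subprocess
import time

PFCTL = "/sbin/pfctl"          # assumption: standard FreeBSD location
TABLE = "spammers"             # table name taken from Mel's pf.conf example
HOLD_SECONDS = 2 * 3600        # "a couple of hours" before the IP is released

# Constructed pattern for OpenSSH failed-login lines; the IP is captured as \S+
# on purpose so that validation, not the regex, decides what is an address.
FAILED_LOGIN = re.compile(
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)


def extract_offender(line):
    """Return the source IP of a failed-login line, or None.

    The captured text is parsed with ipaddress so only a syntactically valid
    IPv4/IPv6 address ever reaches the pfctl argv; log garbage is dropped.
    """
    m = FAILED_LOGIN.search(line)
    if not m:
        return None
    try:
        return str(ipaddress.ip_address(m.group("ip")))
    except ValueError:
        return None


def pfctl_table_cmd(action, ip):
    """Build argv for: pfctl -t TABLE -T add|delete IP (no shell involved)."""
    if action not in ("add", "delete"):
        raise ValueError("unsupported table action: %r" % action)
    ipaddress.ip_address(ip)   # raises ValueError for anything that is not an IP
    return [PFCTL, "-t", TABLE, "-T", action, ip]


class BlockList:
    """Tracks which IPs are in the table and when each block expires."""

    def __init__(self, run=None, now=time.time):
        # run: callable taking argv; defaults to actually executing pfctl.
        self.run = run or (lambda argv: subprocess.run(argv, check=True))
        self.now = now
        self.expiry = {}       # ip -> unix time at which it is released

    def feed(self, line):
        """Process one log line; add the offender to the table on first sight."""
        ip = extract_offender(line)
        if ip is None:
            return None
        if ip not in self.expiry:
            self.run(pfctl_table_cmd("add", ip))
        self.expiry[ip] = self.now() + HOLD_SECONDS   # repeat hits extend the block
        return ip

    def expire(self):
        """Delete every IP whose hold-down has elapsed; return those released."""
        now = self.now()
        released = [ip for ip, t in self.expiry.items() if t <= now]
        for ip in released:
            self.run(pfctl_table_cmd("delete", ip))
            del self.expiry[ip]
        return released


# Constructed sample log: two failures from one host, one success, one junk line.
SAMPLE_LOG = [
    "Sep 15 23:18:17 host sshd[1234]: Failed password for root from 192.168.0.1 port 51234 ssh2",
    "Sep 15 23:18:20 host sshd[1234]: Failed password for invalid user admin from 192.168.0.1 port 51240 ssh2",
    "Sep 15 23:19:01 host sshd[1240]: Accepted publickey for agus from 192.168.1.5 port 50000 ssh2",
    "Sep 15 23:19:30 host sshd[1250]: Failed password for root from not-an-ip port 1 ssh2",
]


def demo():
    """Dry run: record the pfctl commands that would be issued, then expire."""
    issued = []
    clock = [1000.0]                       # fake clock so expiry is deterministic
    bl = BlockList(run=issued.append, now=lambda: clock[0])
    for line in SAMPLE_LOG:
        bl.feed(line)
    clock[0] += HOLD_SECONDS + 1           # jump past the hold-down period
    bl.expire()
    return [" ".join(argv) for argv in issued]


if __name__ == "__main__":
    for cmd in demo():
        print(cmd)
```

Running it as root with the default run callback issues the real pfctl commands; the table must exist in pf.conf with the persist keyword (as in Mel's example) so that it survives being emptied, and the ruleset that references it must already be loaded with pfctl -f.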