Re: Importing into rc.firewall rules

Board: FB_security, posted 2004/11/21 20:32
On Sat, Nov 20, 2004 at 01:32:15PM -0500, Francisco Reyes wrote:
> I have a grown list of IPs that I am "deny ip from ###.### to any".
> Infected machines, hackers, etc..
>
> Is there a way to have this list outside of rc.firewall and just read it
> in?

I don't know how strong your bond with ipfw is, but it seems like pf has
exactly what you need. For example:

#--- excerpts from pf documentation ---
Tables can also be populated from text files containing a list of IP
addresses and networks:

    table <spammers> persist file "/etc/spammers"
    block in on fxp0 from <spammers> to any

Tables can be manipulated on the fly by using pfctl(8). For instance, to add
entries to the <spammers> table created above:

    # pfctl -t spammers -T add 218.70.0.0/16
#--- excerpts from pf documentation ---

If ipfw isn't a tradition in your family, you might want to consider
switching to pf for those specific needs. :)

Andrew
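An added example, not part of Andrew's message or the pf documentation: a pre-load check for a table file like the /etc/spammers above, which rejects malformed entries, refuses any entry that would block a protected range, and collapses redundant addresses before pf reads the file. The sample list, the PROTECTED range and the function name are constructed for illustration, and the check is deliberately narrowed to literal IP addresses and CIDR networks with "#" comments.

```python
import ipaddress

# Constructed sample of a blocklist file such as the /etc/spammers in the post.
SAMPLE = """\
# infected hosts
218.70.0.0/16
218.70.12.9          # already covered by the /16 above
192.0.2.7
192.0.2.6
not-an-ip
10.0.0.0/8           # would swallow the admin network
2001:db8::/32
"""

# Assumption: networks that must never be blocked (e.g. your management range).
PROTECTED = [ipaddress.ip_network("10.1.2.0/24")]


def clean_blocklist(text, protected=PROTECTED):
    """Return (networks, rejected) for the body of a pf table file."""
    nets, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((lineno, entry, "not an address or network"))
            continue
        if any(net.version == p.version and net.overlaps(p) for p in protected):
            rejected.append((lineno, entry, "overlaps protected network"))
            continue
        nets.append(net)
    collapsed = []
    for version in (4, 6):  # collapse_addresses cannot mix IPv4 and IPv6
        collapsed += ipaddress.collapse_addresses(
            n for n in nets if n.version == version)
    return [str(n) for n in collapsed], rejected


if __name__ == "__main__":
    networks, rejected = clean_blocklist(SAMPLE)
    print("\n".join(networks))
    for lineno, entry, why in rejected:
        print(f"# rejected line {lineno}: {entry} ({why})")
```

The cleaned list can be written back to the table file and loaded with pfctl -t spammers -T replace -f /etc/spammers, so the running table matches the reviewed file.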
Article ID (AID): #11e8hJ00 (FB_security)