BSD Packet filtering Basics
BSD Packet Filter Basics
Enabling PF
Edit /etc/rc.local and search for the pf entries. Change them so that they look like this:
pf=YES # Packet filter / NAT
You need to reboot for the changes to take effect.
Creating a new table for banned hosts
Edit /etc/pf.conf and add a new table at the bottom of the file with the following:
table <spammers> persist file "/etc/spammers"
block in log (all) quick on vic0 from <spammers> to any
Save the file and in the /etc directory create your spammers file as mentioned above:
touch /etc/spammers
Permanently Blocking a host
To permanently block a host or network, add its IP address or the CIDR of the network to the /etc/spammers file.
Blocking a host or network on the fly
To block a host or network on the fly, add their IP address or CIDR using the pfctl command as follows:
pfctl -t spammers -T add 192.168.1.0/24
Unblocking a host or network on the fly
To unblock a host or network on the fly, again use the pfctl command as follows:
pfctl -t spammers -T delete 192.168.1.0/24
Viewing a list of blocked hosts
You can view a list of banned IP addresses and networks with the following command:
pfctl -t spammers -T show
Logging of blocked hosts and networks
When creating the table in /etc/pf.conf we enabled logging to /var/log/pflog. This file is in binary (pcap) format, so it has to be read with tcpdump rather than a text viewer. To view the entire contents of the file, run the following command:
tcpdump -n -e -ttt -r /var/log/pflog
To view the log in realtime you would use the following command:
tcpdump -n -e -ttt -i pflog0
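As an added example (not part of the original page): a POSIX shell function that reads the text form of the log that tcpdump prints and counts blocked packets per source address, so the addresses hitting the block rule most often stand out. It runs here over constructed sample lines that imitate the tcpdump -n -e -ttt output format; the addresses, interface and rule numbers in them are made up.

```shell
#!/bin/sh
# Count blocked packets per source address from tcpdump's pflog text output.
# Assumes the "-n -e -ttt" field layout shown on this page and IPv4 addresses
# written as dotted quad followed by ".port".

summarize_pflog() {
    # Reads tcpdump pflog text on stdin; prints "<count> <source-ip>" for
    # every packet logged with action "block", busiest source first.
    awk '
        # Field layout of one record:
        #   $1-$3  timestamp (month day time)
        #   $4     "rule"      $5  "N/(match)"
        #   $6     action (block|pass)
        #   $7     direction   $8  "on"   $9  "<ifname>:"
        #   $10    "src.port"  $11 ">"    $12 "dst.port:"
        $6 == "block" {
            src = $10
            sub(/\.[0-9]+$/, "", src)   # drop the trailing ".port"
            count[src]++
        }
        END {
            for (s in count) print count[s], s
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample records (not a real capture).
SAMPLE_PFLOG=$(cat <<'EOF'
Oct 06 02:44:18.192123 rule 4/(match) block in on vic0: 192.168.1.10.51231 > 10.0.0.5.80: S 1:1(0) win 65535
Oct 06 02:44:19.002311 rule 4/(match) block in on vic0: 192.168.1.10.51232 > 10.0.0.5.443: S 1:1(0) win 65535
Oct 06 02:44:20.443201 rule 4/(match) block in on vic0: 192.168.1.77.40001 > 10.0.0.5.22: S 1:1(0) win 65535
Oct 06 02:44:21.119001 rule 7/(match) pass in on vic0: 10.0.0.9.33333 > 10.0.0.5.22: S 1:1(0) win 65535
Oct 06 02:44:22.900000 rule 4/(match) block in on vic0: 192.168.1.10.51233 > 10.0.0.5.25: S 1:1(0) win 65535
EOF
)

# Usage with the constructed sample; on a real host pipe in
# "tcpdump -n -e -ttt -r /var/log/pflog" instead.
printf '%s\n' "$SAMPLE_PFLOG" | summarize_pflog
```

The pass record is ignored, so only the two sources that matched the block rule are listed, with 192.168.1.10 first.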