BSD Packet filtering Basics: Difference between revisions
Revision as of 09:02, 18 August 2009
BSD Packet Filter Basics
Enabling PF
Edit /etc/rc.local and search for the pf entries. Change them so that they look like this:
pf=YES # Packet filter / NAT
Creating a new table for banned hosts
Edit /etc/pf.conf and add a new table at the bottom of the file with the following:
table <spammers> persist file "/etc/spammers"
block in log (all) quick on vic0 from <spammers> to any
Save the file and in the /etc directory create your spammers file as mentioned above:
touch /etc/spammers
Permanently Blocking a host
To permanently block a host or network, add the host's IP address or the network's CIDR block to the /etc/spammers file.
Blocking a host or network on the fly
To block a host or network on the fly, add their IP address or CIDR using the pfctl command as follows:
pfctl -t spammers -T add 192.168.1.0/24
Unblocking a host or network on the fly
To unblock a host or network on the fly, again use the pfctl command as follows:
pfctl -t spammers -T delete 192.168.1.0/24
Viewing a list of blocked hosts
You can view a list of banned IP addresses and networks with the following command:
pfctl -t spammers -T show
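The two ways of blocking above are independent: pfctl -T add only changes the running table, and /etc/spammers is only read when the ruleset is loaded. The following added example (not from the original wiki page) ties the "permanent" and "on the fly" steps together: it validates the address, records it in the persist file exactly once, and then updates the live table when pfctl is present. It assumes the table name spammers and the file /etc/spammers from the page; both can be overridden through environment variables.

```shell
#!/bin/sh
# Assumed defaults taken from the page's pf.conf snippet; override for testing.
SPAMMERS_FILE="${SPAMMERS_FILE:-/etc/spammers}"
PF_TABLE="${PF_TABLE:-spammers}"

# Accept only a dotted-quad IPv4 address with an optional /0-32 prefix, so a
# typo or a stray shell token never ends up in the file that pf.conf loads.
valid_cidr() {
    case "$1" in
        *[!0-9./]*|''|*..*|.*|*.|*/*/*) return 1 ;;
    esac
    addr="${1%%/*}"
    prefix="${1#*/}"
    [ "$prefix" = "$1" ] && prefix=32
    [ "$prefix" -ge 0 ] 2>/dev/null && [ "$prefix" -le 32 ] || return 1
    # exactly four octets, each in 0-255
    set -- $(printf '%s' "$addr" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -ge 0 ] 2>/dev/null && [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Record the entry in the persist file (once), then add it to the live table.
ban_host() {
    valid_cidr "$1" || { echo "ban_host: rejecting '$1'" >&2; return 1; }
    touch "$SPAMMERS_FILE"
    grep -qxF "$1" "$SPAMMERS_FILE" || printf '%s\n' "$1" >> "$SPAMMERS_FILE"
    if command -v pfctl >/dev/null 2>&1; then
        pfctl -t "$PF_TABLE" -T add "$1"
    fi
}

# Remove the entry from the persist file and from the live table.
unban_host() {
    valid_cidr "$1" || return 1
    [ -f "$SPAMMERS_FILE" ] || return 0
    grep -vxF "$1" "$SPAMMERS_FILE" > "$SPAMMERS_FILE.tmp" || true
    mv "$SPAMMERS_FILE.tmp" "$SPAMMERS_FILE"
    if command -v pfctl >/dev/null 2>&1; then
        pfctl -t "$PF_TABLE" -T delete "$1"
    fi
}
```

Run as root on the firewall, e.g. ban_host 192.168.1.0/24; without pfctl on the path only the file is updated, which is what the test below exercises.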
Logging of blocked hosts and networks
When creating the table in /etc/pf.conf we enabled logging, so blocked packets are written to /var/log/pflog. This file is in binary format, but it can be read with tcpdump. To view the entire contents of the file, run the following command:
tcpdump -n -e -ttt -r /var/log/pflog
To view the log in realtime you would use the following command:
tcpdump -n -e -ttt -i pflog0