BSD Packet filtering Basics: Difference between revisions

From RSWiki
Jump to navigation Jump to search
No edit summary
Line 1: Line 1:
{{AdWords2}}
{{AdWords2}}
'''Please considering making a donation to keep this site running''' In the three years that I have been running this site costs have increased significantly. Unfortunately advertising does not come anywhere near covering the costs to keep this site running. Any donations, however small will help enormously in keeping this site running. If you found the information on this page helpful in any way why not make a donation now? <donationform></donationform>


===BSD Packet Filter Basics===
===BSD Packet Filter Basics===

Revision as of 14:08, 8 December 2009

Template:AdWords2 Please considering making a donation to keep this site running In the three years that I have been running this site costs have increased significantly. Unfortunately advertising does not come anywhere near covering the costs to keep this site running. Any donations, however small will help enormously in keeping this site running. If you found the information on this page helpful in any way why not make a donation now? <donationform></donationform>

BSD Packet Filter Basics

Enabling PF

Edit /etc/rc.local and search for the pf entries. Change so that that look like this:

pf=YES                  # Packet filter / NAT

You need to reboot for the changes to take effect.

Creating a new table for banned hosts

Edit /etc/pf.conf and add a new table at the bottom of the file with the following:

table <spammers> persist file "/etc/spammers"
block in log (all) quick on vic0 from <spammers> to any

Save the file and in the /etc directory create your spammers file as mentioned above:

touch /etc/spammers

Permanently Blocking a host

To permanently block a host or network, add their IP address of the CIDR of the networks into the /etc/spammers file.

Blocking a host or network on the fly

To block a host or network on the fly, add their IP address or CIDR using the pfctl command as follows:

pfctl -t spammers -T add 192.168.1.0/24

Unblocking a host or network on the fly

To unblock a host or network on the fly, again use the pfctl command as follows:

pfctl -t spammers -T delete 192.168.1.0/24

Viewing a list of blocked hosts

You can view a list of banned IP addresses and networks with the following command:

pfctl -t spammers -T show

Logging of blocked hosts and networks

When creating the table in /etc/pf.conf we enabled logging to /var/log/pflog. However this file is in binary format but can be read using tcpdump. To view the entire contents of the file, run the following command:

tcpdump -n -e -ttt -r /var/log/pflog

To view the log in realtime you would use the following command:

tcpdump -n -e -ttt -i pflog0


References

  • [1] pf tables FAQ on OpenBSD.org
  • [2] pf logging FAQ on OpenBSD.org
  • [3] FreeBSD / OpenBSD: PF Firewall Filter Large Number Of Subnets and IP Address.

Template:AdWords