Difference between revisions of "BSD Packet filtering Basics"

From RSWiki
(Created page with '==Enabling PF== Edit '''/etc/rc.local''' and search for the pf entries. Change so that that look like this: pf=YES # Packet filter / NAT ==Creating a new tab…')
 
Line 1: Line 1:
 +
{{Adwords}}
 +
 
==Enabling PF==
 
==Enabling PF==
  
Line 47: Line 49:
  
 
  tcpdump -n -e -ttt -i pflog0
 
  tcpdump -n -e -ttt -i pflog0
 +
 +
 +
 +
[[Category:BSD| ]]
 +
{{Adwords}}
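Review bot: The [[Category:BSD| ]] link added in this hunk uses a blank sort key, which files the page at the very top of Category:BSD ahead of the alphabetical listing. That position is normally kept for a category's main article, so for a how-to page consider a plain [[Category:BSD]]. The {{Adwords}} added after the category link is also the second copy in this revision (the first hunk adds one above ==Enabling PF==); if both placements are intended, say so in the edit summary.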

Revision as of 23:59, 17 August 2009

Enabling PF

Edit /etc/rc.local and search for the pf entries. Change them so that they look like this:

pf=YES                  # Packet filter / NAT

Creating a new table for banned hosts

Edit /etc/pf.conf and add a new table at the bottom of the file with the following:

table <spammers> persist file "/etc/spammers"
block in log (all) quick on vic0 from <spammers> to any

Save the file and in the /etc directory create your spammers file as mentioned above:

touch /etc/spammers

Permanently Blocking a host

To permanently block a host or network, add its IP address, or the network's CIDR, to the /etc/spammers file.

Blocking a host or network on the fly

To block a host or network on the fly, add their IP address or CIDR using the pfctl command as follows:

pfctl -t spammers -T add 192.168.1.0/24
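
The two blocking methods above complement each other: the file is read only when the table is loaded, and `pfctl -T add` changes only the running table. The following script is an added example, not part of the original page, that validates an entry and then applies both. The IPv4-only check, the /16 minimum prefix and the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original page.
SPAMMERS_FILE=${SPAMMERS_FILE:-/etc/spammers}  # table file from pf.conf above
PFCTL=${PFCTL:-pfctl}                          # set PFCTL=echo for a dry run
MIN_PREFIX=${MIN_PREFIX:-16}                   # assumed policy: nothing wider than /16

# valid_entry ADDR[/PREFIX]: succeed only for a well-formed IPv4 host or CIDR.
# (pf tables also accept IPv6 and hostnames; this check is deliberately narrower.)
valid_entry() {
    addr=${1%%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    # The rule is "block in ... quick", so an over-wide typo such as /0 would
    # drop all inbound IPv4 traffic on the interface, your own SSH included.
    [ "$prefix" -ge "$MIN_PREFIX" ] && [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets; addr holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ban ENTRY: persist the entry in the file (survives reload and reboot) and
# add it to the running table (takes effect immediately).
ban() {
    valid_entry "$1" || { echo "refusing invalid entry: $1" >&2; return 1; }
    grep -qxF -- "$1" "$SPAMMERS_FILE" 2>/dev/null || echo "$1" >> "$SPAMMERS_FILE"
    "$PFCTL" -t spammers -T add "$1"
}

# resync: make the running table match the file after hand edits.
resync() {
    "$PFCTL" -t spammers -T replace -f "$SPAMMERS_FILE"
}

for entry in "$@"; do ban "$entry" || exit 1; done
```

Run it as root with one or more entries as arguments; call `resync` after editing /etc/spammers by hand.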

Unblocking a host or network on the fly

To unblock a host or network on the fly, again use the pfctl command as follows:

pfctl -t spammers -T delete 192.168.1.0/24

Viewing a list of blocked hosts

You can view a list of banned IP addresses and networks with the following command:

pfctl -t spammers -T show

Logging of blocked hosts and networks

The block rule added to /etc/pf.conf alongside the table uses log (all), which enables logging to /var/log/pflog. This file is in binary format, but it can be read using tcpdump. To view the entire contents of the file, run the following command:

tcpdump -n -e -ttt -r /var/log/pflog

To view the log in real time, use the following command:

tcpdump -n -e -ttt -i pflog0
