BSD Packet filtering Basics
Revision as of 23:58, 17 August 2009
Enabling PF
Edit /etc/rc.local and search for the pf entries. Change them so that they look like this:
pf=YES # Packet filter / NAT
Creating a new table for banned hosts
Edit /etc/pf.conf and add a new table at the bottom of the file with the following:
table <spammers> persist file "/etc/spammers"
block in log (all) quick on vic0 from <spammers> to any
Save the file, then create the spammers file referenced above in the /etc directory:
touch /etc/spammers
Permanently Blocking a host
To permanently block a host or network, add the host's IP address or the network's CIDR block to the /etc/spammers file. The file is read when the ruleset is loaded; to apply an edit without reloading the whole ruleset, run pfctl -t spammers -T replace -f /etc/spammers.
Blocking a host or network on the fly
To block a host or network on the fly, add their IP address or CIDR using the pfctl command as follows:
pfctl -t spammers -T add 192.168.1.0/24
Unblocking a host or network on the fly
To unblock a host or network on the fly, again use the pfctl command as follows:
pfctl -t spammers -T delete 192.168.1.0/24
Viewing a list of blocked hosts
You can view a list of banned IP addresses and networks with the following command:
pfctl -t spammers -T show
Logging of blocked hosts and networks
The block rule we added to /etc/pf.conf carries the log keyword, so matching packets are written by pflogd to /var/log/pflog. This file is in binary (pcap) format, but it can be read with tcpdump. To view the entire contents of the file, run the following command:
tcpdump -n -e -ttt -r /var/log/pflog
To view the log in real time, read from the pflog0 interface instead:
tcpdump -n -e -ttt -i pflog0
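To make the pflog output actionable, the following added example (not part of the original wiki page) parses the text that tcpdump -n -e -ttt prints for pflog records, counts inbound blocks per rule and source address, and turns persistent offenders that were stopped by rules other than the <spammers> table rule into pfctl -t spammers -T add commands for review. The header layout in LOG_RE, the rule numbers, and the sample lines are assumptions constructed for the example; adjust the pattern to your own tcpdump output.

```python
import re
from collections import Counter

# Link-level header tcpdump -e prints for pflog. Layout varies by tcpdump version,
# so this pattern is an assumption; adjust it to your own output.
LOG_RE = re.compile(r"rule (?P<rule>\d+)/\(match\) (?P<action>block|pass) (?P<dir>in|out) "
                    r"on (?P<ifname>\S+): (?P<src>\S+) > (?P<dst>\S+):(?:\s|$)")

# Constructed sample, not a real capture. Rule 2 is assumed to be the <spammers>
# table rule from pf.conf; rule 0 is an ordinary default-deny rule.
SAMPLE_LOG = """\
Aug 17 23:58:01.000001 rule 2/(match) block in on vic0: 192.168.1.20.51234 > 10.0.0.5.25: S 1:1(0) win 65535
Aug 17 23:58:02.000002 rule 2/(match) block in on vic0: 192.168.1.20.51235 > 10.0.0.5.25: S 2:2(0) win 65535
Aug 17 23:58:03.000003 rule 0/(match) block in on vic0: 203.0.113.7.40000 > 10.0.0.5.22: S 3:3(0) win 65535
Aug 17 23:58:04.000004 rule 0/(match) block in on vic0: 203.0.113.7.40001 > 10.0.0.5.22: S 4:4(0) win 65535
Aug 17 23:58:05.000005 rule 0/(match) block in on vic0: 198.51.100.9 > 10.0.0.5: icmp: echo request
"""

def split_endpoint(token):
    """Split tcpdump's 'addr.port' notation into (addr, port); port is None for ICMP."""
    if ":" in token:  # IPv6: a dot can only introduce the port suffix
        addr, sep, port = token.rpartition(".")
        return (addr, int(port)) if sep else (token, None)
    parts = token.split(".")
    return (".".join(parts[:4]), int(parts[4])) if len(parts) == 5 else (token, None)

def parse_pflog_line(line):
    """Return a dict for one pflog record, or None for lines that are not one."""
    m = LOG_RE.search(line)
    if not m:
        return None
    src, sport = split_endpoint(m["src"])
    dst, dport = split_endpoint(m["dst"])
    return {"rule": int(m["rule"]), "action": m["action"], "dir": m["dir"],
            "ifname": m["ifname"], "src": src, "sport": sport, "dst": dst, "dport": dport}

def summarise_blocks(lines):
    """Count inbound blocked packets, keyed by (rule number, source address)."""
    hits = Counter()
    for rec in map(parse_pflog_line, lines):
        if rec and rec["action"] == "block" and rec["dir"] == "in":
            hits[(rec["rule"], rec["src"])] += 1
    return hits

def suggest_table_adds(hits, table_rule, threshold, table="spammers"):
    """Return (not run) pfctl commands for sources blocked `threshold`+ times by rules
    other than the table rule; sources hitting the table rule are already banned."""
    offenders = sorted({src for (rule, src), n in hits.items()
                        if rule != table_rule and n >= threshold})
    return [f"pfctl -t {table} -T add {src}" for src in offenders]
```

Feed it the output of tcpdump -n -e -ttt -r /var/log/pflog (one line per record) and review the suggested commands before running them, since the table additions are not persisted to /etc/spammers.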