On Sunday 04 April 2004 09:17 pm, H.Wade Minter wrote:
> I've got a system that's sending a ton of referral spam to websites on
> my RELENG_4_9 system. I'd like to block them from accessing my system
> at the TCP level. What's the best and easiest way to do this?
>
> I assume I'll need to recompile the kernel with IPFIREWALL or IPFILTER
> support, then set up some rules. Does anyone have a recommendation for
> a simple ruleset to block one particular IP?
>
> Thanks,
> Wade

If that's *really* all you want to do, set up your kernel config to IPFIREWALL_DEFAULT_ACCEPT (or whatever it really is) and simply add a single rule to your firewall script.

Add the following to your rc.conf file:

    firewall_enable="YES"
    firewall_script="/etc/localhost.firewall"

Create a file in /etc/ called localhost.firewall with the following text:

    ipfw -f flush
    ipfw add 100 deny all from <your_bad_ip_here> to me in -->
    via <oif>

where <oif> is the device name for your outside ethernet adapter. All of that's on one line, btw.

Restart the system, and you should be good to go. Make SURE you have console access when playing with firewall rules. Otherwise, you could block your ssh access.

HTH
-- 
Eric F Crist
AdTech Integrated Systems, Inc
(612) 998-3588
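
A small generator for the /etc/localhost.firewall file described in the reply above, added here as an example and not part of the original thread. It validates the address and interface name and refuses to block the address of the SSH session it is run from; the function names, the sample address 192.0.2.45 and the interface fxp0 are constructed for illustration, and SSH_CLIENT is the variable OpenSSH's sshd sets for a login session.

```sh
#!/bin/sh
# Added example: print the two-line firewall script for one blocked IPv4
# address instead of running ipfw directly, so the result can be reviewed.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray characters or empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the firewall script that blocks $1 on outside interface $2.
firewall_script() {
    bad_ip=$1
    oif=$2
    valid_ipv4 "$bad_ip" || { echo "invalid IPv4 address: $bad_ip" >&2; return 1; }
    case "$oif" in
        ""|*[!A-Za-z0-9]*) echo "invalid interface name: $oif" >&2; return 1 ;;
    esac
    # SSH_CLIENT is "client_ip client_port server_port"; keep the first field.
    if [ "${SSH_CLIENT%% *}" = "$bad_ip" ]; then
        echo "refusing: $bad_ip is the address of this SSH session" >&2
        return 1
    fi
    printf '%s\n' "ipfw -f flush" \
        "ipfw add 100 deny all from $bad_ip to me in via $oif"
}

# Usage (constructed values): sh gen-firewall.sh 192.0.2.45 fxp0
if [ "$#" -eq 2 ]; then
    firewall_script "$1" "$2"
fi
```

Redirect the output to /etc/localhost.firewall once it looks right; the generated rules still rely on the kernel accepting traffic by default, as the reply assumes.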