what exactly needs to happen in pf.conf so a range of ips gets blocked?!

in this case the range in <badstuff> is not blocked. i tried putting the
block right after the table declaration also… nothing spectacular
happened..

any help would be appreciated…   thanks…

here is my ruleset:

table <badstuff> { 46.19.139.0/24 }

tcp_in = "{ domain, www, https }"
udp = "{ domain, ntp, snmp }"
ping = "echoreq"
set skip on lo
scrub in
antispoof for bge0 inet

block in all
pass out all keep state
###  for traceroutes
pass out inet proto udp from any to any port 33433 >< 33626 keep state
pass proto udp to any port $udp

##icmp
pass inet proto icmp all icmp-type $ping keep state

## passing in
##pass in inet proto tcp to any port $tcp_in keep state
pass in inet proto tcp to any port $tcp_in flags S/SAF synproxy state
pass proto tcp to any port ssh

block in on bge0 from { <badstuff> } to any
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
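
Added example, not part of the original message: pf evaluates filter rules top to bottom and the last matching rule decides, unless a matching rule carries `quick`. The Python model below is a simplification, not pf code (the `Rule` class, `evaluate`, `verdicts` and the sample packet are constructed for illustration); it applies that evaluation order to the posted rules with the `<badstuff>` block in three positions.

```python
# Added example: a simplified model of pf filter-rule evaluation (not pf itself).
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str              # "block" or "pass"
    direction: str = None    # "in", "out", or None for both
    iface: str = None        # None = any interface
    proto: str = None        # None = any protocol
    src: str = None          # source CIDR, None = any
    ports: tuple = ()        # destination ports, empty = any
    quick: bool = False

    def matches(self, pkt):
        return (self.direction in (None, pkt["dir"])
                and self.iface in (None, pkt["iface"])
                and self.proto in (None, pkt["proto"])
                and (not self.ports or pkt["dport"] in self.ports)
                and (self.src is None or ipaddress.ip_address(pkt["src"])
                     in ipaddress.ip_network(self.src)))

def evaluate(rules, pkt):
    verdict = "pass"                 # pf passes a packet that matches no rule
    for rule in rules:
        if rule.matches(pkt):
            verdict = rule.action    # a later match overrides an earlier one
            if rule.quick:           # "quick" stops evaluation at this rule
                break
    return verdict

# Filter rules modelled on the posted ruleset (ICMP and traceroute rules left out).
FILTER = [
    Rule("block", "in"),                                   # block in all
    Rule("pass", "out"),                                   # pass out all
    Rule("pass", proto="udp", ports=(53, 123, 161)),       # $udp
    Rule("pass", "in", proto="tcp", ports=(53, 80, 443)),  # $tcp_in
    Rule("pass", proto="tcp", ports=(22,)),                # ssh
]

def bad_block(quick=False):
    # block in [quick] on bge0 from <badstuff> to any
    return Rule("block", "in", "bge0", src="46.19.139.0/24", quick=quick)

def verdicts(pkt):
    return {"block_first": evaluate([bad_block()] + FILTER, pkt),
            "block_first_quick": evaluate([bad_block(True)] + FILTER, pkt),
            "block_last": evaluate(FILTER + [bad_block()], pkt)}

# Constructed sample packet: new inbound SSH connection from inside the table's range.
SAMPLE = {"dir": "in", "iface": "bge0", "proto": "tcp", "src": "46.19.139.7", "dport": 22}
```

pf checks existing state entries before the ruleset, so this model describes only packets that open a new connection.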
