On Sat, Dec 09, 2006 at 02:43:38AM -0700, David B. wrote: > I've looked an man pf, and it's way too confusing; I'm using smoothwall as a > standalone firewall, and it pretty much works the way I want it to; however, > I've found a reason to block a an IP range, particularly 216.87.0.0/17; > is there an equivalent to an iptables command I can use to simply > drop all traffic coming from that range? > > like go into a file, and have a command in the form of: 'drop all from > 216.87.0.0/17'?
The man pages you *probably* want are pf.conf(5) and pfctl(8). Also see http://www.openbsd.org/faq/pf/ The answer is yes, you can do that. Quick answer: echo 'block drop in from 216.87.0.0/17' | pfctl -mf - -n The above won't work until you read the man page for pfctl and remove one of the options. ;) There are better ways in the long run. Read about tables. -- Darrin Chandler | Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ |
