2013-05-21

Firewall Rules in FreeBSD/Unix

Blocking all traffic to a specific IP address (written as (ip_address) below). Note that /etc/rc.d/ipfw restart refuses to run unless firewall_enable="YES" is set in /etc/rc.conf; onerestart skips that check, flushes the existing rules and loads the default ruleset, which is what the output below shows:

/etc/rc.d/ipfw restart
Cannot 'restart' ipfw. Set firewall_enable to YES in /etc/rc.conf or use 'onerestart' instead of 'restart'.

/etc/rc.d/ipfw onerestart
net.inet.ip.fw.enable: 0 -> 0
net.inet6.ip6.fw.enable: 1 -> 0
Flushed all rules.
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
65000 allow ip from any to any
Firewall rules loaded.

ipfw add 1 deny ip from any to (ip_address)

ping (ip_address)
PING (ip_address) ((ip_address)): 56 data bytes
ping: sendto: Permission denied
ping: sendto: Permission denied


Removing the rule

ipfw delete takes the rule number only; it removes every rule stored under that number, so the rule body does not need to be repeated:

ipfw delete 1
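The two steps above, wrapped in a small script, as an added example that is not code from the original post. It keeps the block and unblock rules under one fixed rule number, goes one step beyond the post by denying traffic from the host as well as to it, and checks the result against the text of ipfw list (rule numbers are printed zero-padded to five digits, as in the session above). It assumes FreeBSD with ipfw loaded and root privileges; the host address 192.0.2.10, the rule number 1, the function names and the sample listing are all constructed for the example, and with DRY_RUN=1 (the default here) the functions only print the ipfw commands instead of running them.

```shell
#!/bin/sh
# Added example, not code from the original post. Wraps the post's block/unblock
# steps in functions that share one fixed rule number and verifies the result
# against `ipfw list`. Assumes FreeBSD with ipfw loaded and root privileges;
# with DRY_RUN=1 (the default here) nothing is changed, the commands are printed.

DRY_RUN="${DRY_RUN:-1}"

# Run an ipfw command, or just print it when DRY_RUN=1.
run_ipfw() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'ipfw %s\n' "$*"
    else
        ipfw "$@"
    fi
}

# block_host RULE_NUM IP
# Deny traffic to IP (the post's rule) and, going one step beyond the post,
# traffic from IP as well. Both rules share RULE_NUM so they can be removed
# together; a low number places them ahead of the default ruleset.
block_host() {
    num="$1"; ip="$2"
    run_ipfw add "$num" deny ip from any to "$ip"
    run_ipfw add "$num" deny ip from "$ip" to any
}

# unblock_host RULE_NUM
# `ipfw delete` takes rule numbers only and removes every rule stored under
# that number, so both directions added above disappear in one call.
unblock_host() {
    run_ipfw delete "$1"
}

# rule_present RULE_NUM LISTING
# Exit 0 if RULE_NUM appears as a rule number in LISTING (the text of
# `ipfw list`); ipfw prints rule numbers zero-padded to five digits.
rule_present() {
    padded=$(printf '%05d' "$1")
    printf '%s\n' "$2" | awk -v n="$padded" '$1 == n { found = 1 } END { exit found ? 0 : 1 }'
}

# Constructed sample of `ipfw list` output after block_host 1 192.0.2.10
# (192.0.2.10 is a documentation address standing in for the blocked host).
SAMPLE_LISTING='00001 deny ip from any to 192.0.2.10
00001 deny ip from 192.0.2.10 to any
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any'

# Demo: block, verify the rule landed, then unblock.
block_host 1 192.0.2.10
if [ "$DRY_RUN" = "1" ]; then
    LISTING="$SAMPLE_LISTING"
else
    LISTING=$(ipfw list)
fi
if rule_present 1 "$LISTING"; then
    echo "rule 1 is present in the listing"
else
    echo "rule 1 is missing from the listing"
fi
unblock_host 1
```

Run it as is to see the commands it would issue; run it with DRY_RUN=0 as root on the FreeBSD host to apply them and have rule_present check the live ipfw list output instead of the sample.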
