I am running IPFW on my FreeBSD 8.4 server. I have noticed an unusual amount of activity against hosted web pages from an IP range in China. I suspect they are probing for weaknesses, so I want to block their access.
ipfw show
provides the following and shows some success with rule 00005, but a couple of the IPs get through. The truth of the matter is I cannot remember why I have rules 00060 and 00070. They seem kind of open. I am sure I am messing something simple up.
Code:
00005 258 16499 deny ip from 123.125.0.0/16 to any
00006 0 0 deny tcp from 123.125.0.0/16 to any
00010 70227 164631174 allow ip from any to any via lo0
00015 0 0 allow ip from any to any via tap0
00025 0 0 allow ip from any to 10.8.0.0/24 keep-state
00027 0 0 allow ip from 10.8.0.0/24 to any keep-state
00030 0 0 allow ip from any to 10.8.0.0/24 keep-state
00031 0 0 allow ip from 10.8.0.0/24 to any keep-state
00040 0 0 deny tcp from any to any frag
00041 0 0 deny ip from 221.192.199.49 to any
00042 0 0 deny ip from 81.196.166.90 to any
00043 0 0 deny ip from 61.160.215.160 to any
00044 0 0 deny udp from 123.125.0.0/16 to any
00050 0 0 check-state
00060 1068026 758906217 allow tcp from any to any established
00070 77243 14528669 allow ip from any to any out keep-state
00080 283 28346 allow icmp from any to any
00100 21228 1193978 allow log tcp from any to me dst-port 21 in setup keep-state
00105 0 0 allow log tcp from me 20,21 to any out keep-state
00110 0 0 allow log tcp from any to any dst-port 21 in
00120 0 0 allow log tcp from any to any dst-port 21 out
00130 253 14820 allow tcp from any to any dst-port 22 in
00140 0 0 allow tcp from any to any dst-port 22 out
00150 10638 3570756 allow log tcp from any to any dst-port 25 in keep-state
00160 0 0 allow log tcp from any to any dst-port 25 out keep-state
00170 2894 212704 allow udp from any to any dst-port 53 in
00175 1 40 allow tcp from any to any dst-port 53 in
00180 0 0 allow udp from any to any dst-port 53 out
00185 0 0 allow tcp from any to any dst-port 53 out
00190 6101 362356 allow tcp from any to any dst-port 80 in
00192 0 0 allow tcp from any to any dst-port 8010 in
00193 0 0 allow tcp from any to any dst-port 8010 out
00195 0 0 allow tcp from any to any dst-port 80 out
00196 0 0 allow tcp from any to any dst-port 81 in
00197 0 0 allow tcp from any to any dst-port 81 out
00198 0 0 allow udp from any to any dst-port 81 in
00199 0 0 allow udp from any to any dst-port 81 out
00200 42 2428 allow tcp from any to any dst-port 110 in
00201 0 0 allow tcp from any to any dst-port 110 out
00205 9 462 deny udp from any to any dst-port 123 in
00206 0 0 deny udp from any to any dst-port 123 out
00211 19968 1557720 allow udp from any to any dst-port 137 in
00212 0 0 allow tcp from any to any dst-port 137 in
00213 0 0 allow udp from any to any dst-port 137 out
00214 0 0 allow tcp from any to any dst-port 137 out
00215 2953 652781 allow udp from any to any dst-port 138 in
00216 0 0 allow tcp from any to any dst-port 138 in
00217 0 0 allow udp from any to any dst-port 138 out
00218 0 0 allow tcp from any to any dst-port 138 out
00223 0 0 allow udp from any to any dst-port 139 in
00224 0 0 allow udp from any to any dst-port 139 out
00225 1 48 allow tcp from any to any dst-port 139 in
00226 0 0 allow tcp from any to any dst-port 139 out
00227 24 1268 allow tcp from any to any dst-port 443 in
00228 0 0 allow tcp from any to any dst-port 443 out
00237 0 0 allow tcp from any to any dst-port 445 in
00238 0 0 allow tcp from any to any dst-port 445 out
00239 0 0 allow udp from any to any dst-port 445 in
00240 0 0 allow udp from any to any dst-port 445 out
00241 206 11708 allow ip from any to any dst-port 465 in
00242 0 0 allow ip from any to any dst-port 465 out
00243 0 0 allow ip from any to any dst-port 554 in
00244 0 0 allow ip from any to any dst-port 554 out
00246 275 14420 allow ip from any to any dst-port 587 in
00247 0 0 allow ip from any to any dst-port 587 out
00250 418 26012 allow tcp from any to any dst-port 993 in
00251 0 0 allow tcp from any to any dst-port 993 out
00260 1146 73344 allow tcp from any to any dst-port 995 in
00261 0 0 allow tcp from any to any dst-port 995 out
00270 0 0 allow ip from any to any dst-port 1194 setup
00271 0 0 allow udp from any to me dst-port 1194
00280 0 0 allow tcp from any to any dst-port 1220 in
00285 0 0 allow tcp from any to any dst-port 1220 out
00300 951 42308 allow tcp from any to any dst-port 2500 in
00301 0 0 allow tcp from any to any dst-port 2500 out
00320 5 200 allow tcp from any to any dst-port 3128 in
00322 0 0 allow tcp from any to any dst-port 3218 out
00350 1338 84454 allow tcp from any to any dst-port 3306 in keep-state
00356 0 0 allow tcp from any to any dst-port 3306 out keep-state
00370 0 0 allow ip from any to any dst-port 7070 in
00371 0 0 allow ip from any to any dst-port 7070 out
00380 0 0 allow tcp from any to any dst-port 9000 in
00381 0 0 allow tcp from any to any dst-port 9000 out
00400 0 0 allow tcp from 209.160.65.133 to any keep-state
00405 0 0 allow tcp from 209.160.68.112 to any keep-state
00410 0 0 allow udp from me to any keep-state
00500 75936 35319466 deny log ip from any to any
65535 0 0 deny ip from any to any
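
An added example, not part of the original post: ipfw evaluates rules in order and stops at the first match, so a short script can check which source addresses the deny rules in the listing actually cover and which later deny rules can never fire. The test addresses are constructed, and the check assumes no earlier allow rule matches the packet first.

```python
import ipaddress

# Excerpt of the `ipfw show` listing from the post above.
LISTING = """\
00005 258 16499 deny ip from 123.125.0.0/16 to any
00006 0 0 deny tcp from 123.125.0.0/16 to any
00041 0 0 deny ip from 221.192.199.49 to any
00044 0 0 deny udp from 123.125.0.0/16 to any
00060 1068026 758906217 allow tcp from any to any established
00190 6101 362356 allow tcp from any to any dst-port 80 in
"""

def parse(listing):
    """Return (number, action, proto, src, dst, options) for each rule line."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        body = [w for w in f[3:] if w != "log"]  # drop the optional log keyword
        # Lines with source ports or other shapes are skipped, not guessed at.
        if not f or not f[0].isdigit() or len(body) < 6 or body[2] != "from" or body[4] != "to":
            continue
        rules.append((int(f[0]), body[0], body[1], body[3], body[5], body[6:]))
    return rules

def src_net(src):
    """Network for a literal source address; None for any, me, tables."""
    try:
        return ipaddress.ip_network(src, strict=False)
    except ValueError:
        return None

def blanket_denies(rules):
    """Deny rules with proto ip/all, dst any and no options: every packet from src matches."""
    return [(n, src_net(s)) for n, a, p, s, d, o in rules
            if a == "deny" and p in ("ip", "all") and d == "any" and not o and src_net(s)]

def covering_deny(rules, addr):
    """Number of the first blanket deny whose source covers addr, else None."""
    ip = ipaddress.ip_address(addr)
    for n, net in blanket_denies(rules):
        if ip in net:
            return n
    return None

def shadowed(rules):
    """Deny rules that never match because an earlier blanket deny covers their source."""
    blanket = blanket_denies(rules)
    return [n for n, a, p, s, d, o in rules
            if a == "deny" and src_net(s) is not None
            and any(m < n and src_net(s).subnet_of(bn) for m, bn in blanket)]
```

Running `covering_deny` over the source addresses seen in the web server's access log shows which of them fall outside every blocked range and therefore continue on to the allow rules.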