Hello everyone, I'm just curious. I want to include a file in rc.firewall, for example international.ban. Basically I want to add a ban file with a series of netdir blocks so
Code:
#!/bin/sh
BANS=`sh /etc/international.ban`
exec $BAN;
ipfw -q flush
# IPv4
ipfw add 500 divert natd all from any to any via tun0
ipfw add 1000 allow ip from any to any via lo0
ipfw add 65000 allow ip from any to any
ipfw add 65535 deny ip from any to any
# Denied ports to all systems.
ipfw add 04964 deny tcp from any to any 22 in via tun0 setup keep-state
I don't use IPv6 with ipfw; I use ip6fw, which is adjusted correctly.
But just for clarification, does this look correct? I would test it, but I would have to reboot the whole router because the kernel secure level is high. So I want this to be a few seconds of downtime.
Of course the `sh /etc/international` looks like this:
Code:
# China's Block ranges
ipfw add 100 drop ip from 58.14.0.0/15 to any
ipfw add 100 drop ip from 58.16.0.0/16 to any
ipfw add 100 drop ip from 58.17.0.0/17 to any
ipfw add 100 drop ip from 58.17.128.0/17 to any
ipfw add 100 drop ip from 58.18.0.0/16 to any
ipfw add 100 drop ip from 58.19.0.0/16 to any
ipfw add 100 drop ip from 58.20.0.0/16 to any
ipfw add 100 drop ip from 58.21.0.0/16 to any
ipfw add 100 drop ip from 58.22.0.0/15 to any
ipfw add 100 drop ip from 58.24.0.0/15 to any
ipfw add 100 drop ip from 58.30.0.0/15 to any
ipfw add 100 drop ip from 58.32.0.0/13 to any
ipfw add 100 drop ip from 58.40.0.0/15 to any
ipfw add 100 drop ip from 58.42.0.0/16 to any
ipfw add 100 drop ip from 58.43.0.0/16 to any
ipfw add 100 drop ip from 58.44.0.0/14 to any
ipfw add 100 drop ip from 58.48.0.0/13 to any
ipfw add 100 drop ip from 58.56.0.0/15 to any
ipfw add 100 drop ip from 58.58.0.0/16 to any
ipfw add 100 drop ip from 58.59.0.0/17 to any
Of course this list is longer. Right now it's in /etc/rc.firewall,
but I want it in a different file so rc.firewall can hold just the principal rules and another file (i.e. international.ban) can hold just the bans from different countries.
If this is correct, or if you see anything wrong, please correct me.
Thank you
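One way to keep the bans in their own file, as an added example (not the poster's code): the ban file holds only CIDR blocks, and a small loader validates each block and emits the matching `ipfw` rule, so the result can be reviewed with `print` before the router is rebooted. The CIDR-only file format, the function names and the `print`/`apply` arguments are assumptions of this example; it writes `deny`, for which `drop` is an alias in ipfw.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumed ban-file format: one IPv4
# CIDR block per line, '#' starts a comment. Rule number 100 as in the post.
BAN_FILE="${BAN_FILE:-/etc/international.ban}"
BAN_RULE="${BAN_RULE:-100}"

# valid_cidr A.B.C.D/N: succeeds only for octets 0-255 and a prefix of 0-32.
valid_cidr() {
    case "$1" in *[!0-9./]*|*/*/*|*.*.*.*.*) return 1 ;; */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|???*|*.*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    oldifs=$IFS; IFS=.
    set -- $addr            # split the address on dots
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# ban_rules FILE: print one ipfw command per valid block. A bad line is
# skipped with a warning (not fatal), so a typo cannot abort the rule load
# halfway; the function then returns 1 so the caller can notice.
ban_rules() {
    rc=0
    while read -r cidr rest || [ -n "$cidr" ]; do
        case "$cidr" in ''|'#'*) continue ;; esac
        if valid_cidr "$cidr"; then
            echo "ipfw -q add $BAN_RULE deny ip from $cidr to any"
        else
            echo "skipping bad entry: $cidr" >&2
            rc=1
        fi
    done < "$1"
    return $rc
}

# "print" shows what would be loaded (safe to run anywhere); "apply" loads it.
# Call "apply" after "ipfw -q flush", or the flush removes the bans again.
case "${1:-}" in
    print) ban_rules "$BAN_FILE" ;;
    apply) ban_rules "$BAN_FILE" | sh ;;
esac
```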