ipf.rules and hash:/etc/files ??

So, I regularly add IP addresses and subnets to my /etc/ipf.rules file, for the purpose of banning any type of connectivity from would-be hackers.

--snip--
#-----------------------------------------------------------------------
# Block all inbound traffic from nasty hackers
#-----------------------------------------------------------------------
block in log first quick on gem0 from 123.0.0.0/8 to any
block in log first quick on gem0 from 456.0.0.0/12 to any
block in log first quick on gem0 from 789.0.0.0/16 to any
--snip--

and so on and so on...

The list is getting fairly large, so I started wondering if I could use a hash file, similar to how you do things with a postfix setup from its main.cf file.

Something like:

--snip--
#-----------------------------------------------------------------------
# Block all inbound traffic from nasty hackers
#-----------------------------------------------------------------------
block in log first quick on gem0 from hash:/etc/banned_subnets to any
--snip--

Or something along those lines.

I've done a good amount of Googling to no avail, so maybe I'm trying to do something that just isn't done?

Any info or suggestions would be most appreciated.

Thanks! :)
-
Chris
 
The pf firewall has an option to read directly from text files. With iptables and ipf you need the help of a shell script and a while loop, as follows:
Code:
#!/bin/sh
# add your init ipf rules

### start mass blocking: print one block rule per line of badips.txt
### (run this script and feed its output to ipf, e.g. "ipf -f -")
while read line
do
        echo "block in log first quick on gem0 from $line to any"
done < /usr/local/etc/badips.txt

### Rest of rules goes here
/usr/local/etc/badips.txt:
Code:
94.232.248.0/21
94.247.0.0/21
95.129.144.0/23
95.129.146.0/24
95.215.76.0/22


Another option is to create groups and do the same.
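An added example (not from the post above): the same idea as that while loop, a plain-text ban list turned into ipf block rules, but with comments, blank lines and malformed entries handled instead of being passed to ipf untouched. The function names valid_cidr and gen_ipf_rules, the interface name gem0 and the sample list are all constructed for this example.

```sh
#!/bin/sh
# Added example: generate ipf block rules from a ban list with one IPv4
# address or CIDR subnet per line. Names, interface and sample data are
# constructed for this example, not taken from the thread.

# valid_cidr ENTRY: succeed only for a.b.c.d or a.b.c.d/N, octets 0..255, N 0..32
valid_cidr() {
    entry=$1
    case $entry in
        */*) addr=${entry%%/*}; plen=${entry#*/} ;;
        *)   addr=$entry;       plen=32 ;;
    esac
    case $plen in ''|*[!0-9]*) return 1 ;; esac
    [ "$plen" -le 32 ] || return 1
    # digits and dots only, no leading, trailing or doubled dots
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_ipf_rules IFACE LISTFILE: print one rule per valid entry and report
# the rest on stderr; the output can be fed to ipf with "ipf -f -".
gen_ipf_rules() {
    iface=$1; list=$2
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                                # drop trailing comment
        line=$(printf '%s' "$line" | tr -d '[:space:]') # and any whitespace
        [ -n "$line" ] || continue
        if valid_cidr "$line"; then
            printf 'block in log first quick on %s from %s to any\n' "$iface" "$line"
        else
            printf 'skipping malformed entry: %s\n' "$line" >&2
        fi
    done < "$list"
}

# Constructed sample list; the last two entries are deliberately malformed.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# ban list: one address or subnet per line
94.232.248.0/21
10.0.0.7             # trailing comments are fine
300.1.2.0/24         # octet above 255
192.168.1.0/33       # prefix above 32
EOF
gen_ipf_rules gem0 "$sample"
rm -f "$sample"
```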
 
With PF you can use a table for this; then you can add IPs on the fly.

Code:
table <badguys> { 1.2.3.4, 10.0.0.0/8 } persist file "/etc/badguys"

block in quick on $ext_if from <badguys> to any

Show the contents of the table:
# pfctl -t badguys -Tshow

Add an ip:
# pfctl -t badguys -T add 2.3.4.5

http://www.openbsd.org/faq/pf/tables.html
 
SirDice said:
Code:
table <badguys> { 1.2.3.4, 10.0.0.0/8 } persist file "/etc/badguys"

Never seen an IP declaration and a file in the same table rule ..
 
You're right, I mixed the 2 up..

It's either
Code:
table <badguys> persist file "/etc/badguys"
or
Code:
table <badguys> { 1.2.3.4, 10.0.0.0/8 }
 