IPFW IPFW: Blacklisted IPs are removed after rebooting the server or firewall

Hello,

I am using IPFW firewall on my server (with FreeBSD 11.2). I have a problem with IPFW that whenever I reboot the server or restart the firewall, the blocked IPs in the IPFW table are being removed.

I would appreciate if you provide me with a solution to resolve this issue.

Thank you very much and thank you in advanced.
 
What are you using to block them in the first place? Note that tables are only stored in memory, they are not stored on disk and therefor do not survive a reboot.
 
parse the file with the ip addresses from the file using the following command in your ipfw.rules
cat /usr/local/etc/ipfw.table1 | xargs -n1 ipfw table 1 add

It will look something like this:
Code:
#!/bin/sh
# Flush out the list before we begin
ipfw -q -f flush

# Set rules command prefix
fwcmd="ipfw -q add"
cat /usr/local/etc/ipfw.table1 | xargs -n1 ipfw table 1 add

# Your rulse goes bellow
ps.
in the new version of ipfw you need to create the table before starting to populate the records in it.
ipfw table 1 create
 
While this works for loading a table from a file, it does not save that table when you stop the firewall or shutdown/reboot the machine. So any and all modifications to the table in memory are lost.
 
it's easy to export the table it should look like something like this

ipfw table 2 list | sed '1d' > /tmp/t2_export.txt

This will export the table 2 and the set number next to the ip address.

For import use

ipfw table 2 flush
cat /tmp/t2_export.txt | xargs ipfw table 2 add


Here is some example for importing the ip addresses from spamhause into test table

ipfw table test create

Code:
#!/bin/csh
fetch -o /tmp/drop.txt "http://www.spamhaus.org/drop/drop.txt"
sed -i '' "s/;.*//" /tmp/drop.txt
ipfw table test flush
foreach IP ( `cat /tmp/drop.txt` )
        ipfw table test add $IP
end

ipfw table test info
ipfw table test destroy
 
Thank you very much for your reply and help,

What are you using to block them in the first place? Note that tables are only stored in memory, they are not stored on disk and therefor do not survive a reboot.
I installed IPFW and Automated the IP management using DirectAdmin Brute Force Monitor system. This is the how to article which I used :
How to automate and manage IP block unblock using IPFW + FreeBSD + DirectAdmin Brute Force Monitor

it's easy to export the table it should look like something like this

ipfw table 2 list | sed '1d' > /tmp/t2_export.txt

This will export the table 2 and the set number next to the ip address.

For import use

ipfw table 2 flush
cat /tmp/t2_export.txt | xargs ipfw table 2 add


Here is some example for importing the ip addresses from spamhause into test table

ipfw table test create

Code:
#!/bin/csh
fetch -o /tmp/drop.txt "http://www.spamhaus.org/drop/drop.txt"
sed -i '' "s/;.*//" /tmp/drop.txt
ipfw table test flush
foreach IP ( `cat /tmp/drop.txt` )
        ipfw table test add $IP
end

ipfw table test info
ipfw table test destroy
Thank you very much. Would you please mention if there is a way to automate this process after restarting the server ?
I mean I save all the IPs in a txt file and when ever I restart the server, they get imported into the tables which are stored in the memory ?

Thank you
 
Read again my first post. I already give you example how to include it there.

in your /etc/rc.conf check where is your firewall script
firewall_script="/usr/local/etc/ipfw.rules"

Then edit your /usr/local/etc/ipfw.rules and add there

cat /usr/local/etc/ipfw.table1 | xargs ipfw table 1 add

if in your file that cointain the list of the IP addresses are delimated only with space without new line (LF) you can use

cat /usr/local/etc/ipfw.table1 | xargs -n1 ipfw table 1 add

This will parse each argument and will add it using ipfw table 1 add
 
Read again my first post. I already give you example how to include it there.

in your /etc/rc.conf check where is your firewall script
firewall_script="/usr/local/etc/ipfw.rules"

Then edit your /usr/local/etc/ipfw.rules and add there

cat /usr/local/etc/ipfw.table1 | xargs ipfw table 1 add

if in your file that cointain the list of the IP addresses are delimated only with space without new line (LF) you can use

cat /usr/local/etc/ipfw.table1 | xargs -n1 ipfw table 1 add

This will parse each argument and will add it using ipfw talbe 1 add
Thank you very much and I am sorry, I noticed your second post afterwards.

Going to test it :)

Regards,
A.Ch
 
Back
Top