Saturday, August 2, 2008

PF simple conf to block IP addresses

So if you want PF to do only one thing, and that is to block particular ip's here is how you do it. Keep in mind, this configuration is a horrible idea for a traditional firewall. So first begin with creating /etc/pf.conf, I use vi, you can use whatever.

ext_if="re0" # External interface

#Block all Ip's in the banned table
table { 192.168.1.1 }
block quick from to any
block quick from any to

pass out keep state
pass in quick on ext_if

conf if your looking for a traditional firewall, this is for the sole purpose of blocking a single IP or IP ranges.

You will need to replace re0 with your interface name and put your IP's to be blocked in the banned table.

You can put entire classes of IP's if you want like: 204.152.64.0/23
and the table should be comma seperated so something like:

table { 192.168.1.1, 204.152.64.0/23 }

Also to get pf.conf to start(FreeBSD, anyway), you need to put this in the rc.conf:

pf_enable="YES"
pf_rules="/etc/pf.conf"
pf_flags=""
pflog_enable="YES"
pflog_logfile="/var/log/pflog"
pflog_flags=""


I'll go more in depth on more stuff you can do with pf in the next post, or wait, maybe a powershell post, I don't know. I am not promising anything.

No comments: