Re: ipfw.config - how to block ip ranges *SOLVED*



On Oct 20, 2007, at 1:39 PM, Steve Elman wrote:

On Oct 20, 2007, at 12:37 PM, Steve Elman wrote:

Hello,

I currently have my internal firewall running and I have my ipfw.config set up and currently blocking multiple known spamming IP addresses like this:

add deny log tcp from 83.0.0.0/8 to any dst-port 25 in

In reading the server docs and the man pages it is not clear to me how to block a range of IPs such as 75.119.0.0 - 75.119.95.255

You just provided an example of how to block a range above.

when trying:

add deny log tcp from 75.119.0.0 - 75.119.95.255 to any dst-port 25 in

or

add deny log tcp from 75.119.0.0-75.119.95.255 to any dst-port 25 in

Does not seem to work.

Correct, because neither one of those follows the example of using a range you yourself already provided. Re-read the example of a range you provided above. See how you specified a range for 83.0.0.0 to 82.255.255.255? That used a CIDR block. Additionally you can use a netmask. See the docs.

OK I got this now. Thanks. Just a little more calculating...

Note that the above range you're trying to deny isn't expressible using a single netmask. That leads me to question if indeed that's really the range you wanted since you're not describing a network anyway. If indeed it is the range you wanted, break it down into two (or more) CIDR blocks according to the networks you're trying to represent.

OK. I gotcha on this. I just need to be a little more precise as I don't want to block too much, only the offenders.


Additionally how does one block a range and then allow an ip within the blocked range? If possible?

ipfw uses "first match wins". ALLOW before your DENY.

Ah OK sorry I missed that.

Pointing me to the correct documentation or a link to an article would be great but I can't seem to find one on this subject.

Google is your friend. Seriously, didn't you try to Google for "ipfw"??? Worked for me. ipfw is from FreeBSD.

Yes I did Google, I guess I posed my question wrong. Thanks!

Did you not find the documentation for ipfw along with howto's when you googled for "ipfw"? Seems to hit it for me.

ipfw was in the search but how to was not. I will use that phrase more often. THANKS!


(Though it is unfortunate that Purdue seems to have a Fort Wayne campus...)

Significance? I am a little slow....

Thanks again.
Steve
                 Steve Elman
       http://www.TheMacMan.Net
    http://www.GoOnlineAspen.Com
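
The calculation discussed in this thread, as an added example that is not part of the original messages: splitting the range 75.119.0.0 - 75.119.95.255 into exact CIDR blocks and writing the ipfw.config lines in "first match wins" order, with any allow line ahead of the deny lines. The function names and the exempted address 75.119.10.5 are constructed for illustration.

```python
import ipaddress

def range_to_cidrs(first, last):
    """Split an inclusive IPv4 range into the fewest CIDR blocks covering it exactly."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range start is above range end")
    blocks = []
    while lo <= hi:
        # Largest block the alignment of lo permits (its lowest set bit) ...
        size = lo & -lo if lo else 1 << 32
        # ... halved until it no longer runs past the end of the range.
        while size > hi - lo + 1:
            size >>= 1
        prefix = 32 - (size.bit_length() - 1)
        blocks.append(ipaddress.IPv4Network((lo, prefix)))
        lo += size
    return blocks

def ipfw_rules(first, last, allow=(), port=25):
    """Build ipfw.config lines: allow exceptions first, then deny the range."""
    cidrs = range_to_cidrs(first, last)
    rules = []
    for host in allow:
        addr = ipaddress.IPv4Address(host)
        # An exception outside the denied range is almost certainly a typo.
        if not any(addr in net for net in cidrs):
            raise ValueError(f"{host} is outside the denied range")
        rules.append(f"add allow tcp from {addr} to any dst-port {port} in")
    # Deny lines follow the allow lines so the exceptions match first.
    rules += [f"add deny log tcp from {net} to any dst-port {port} in"
              for net in cidrs]
    return rules

if __name__ == "__main__":
    # Constructed exception address inside the range from the thread.
    for line in ipfw_rules("75.119.0.0", "75.119.95.255", allow=["75.119.10.5"]):
        print(line)
```
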