DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 1st March 2017
Amithapr Amithapr is offline
Fdisk Soldier
 
Join Date: Dec 2015
Posts: 69
Question Blocking All Public IPs from a Particular Country

Hi All,

What is the best way of blocking all the public IPs from a particular country? I have more than 200 public IPs to block. I thought of putting all the IPs as a variable and calling it in the blocking rule. Is my thought correct? will that slows down my OpenBSD firewall or have a big impact on the entire firewall's performance ?

Thanks
Reply With Quote
  #2   (View Single Post)  
Old 1st March 2017
jggimi's Avatar
jggimi jggimi is online now
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 5,975
Default

Use a table.

http://www.openbsd.org/faq/pf/tables.html
Reply With Quote
  #3   (View Single Post)  
Old 1st March 2017
frcc frcc is offline
Don't Worry Be Happy!
 
Join Date: Jul 2011
Location: hot,dry,dusty,rainy,windy,straight winds, tornado,puts the fear of God in you-Texas
Posts: 123
Default block ip

Table is much faster than variable.
I block all foreign ip cidr's in pf.conf using table which is large and instantaneous.
i/we use
"block in quick log (all) on fxp0 from !<usip> to any label "foreign"
where <usip> is a .csv file of us based cidr's

You can update that file as desired.
It cuts down the amount of traffic greatly if you r not interested in a non-us
based cidr.
Reply With Quote
  #4   (View Single Post)  
Old 2nd March 2017
Amithapr Amithapr is offline
Fdisk Soldier
 
Join Date: Dec 2015
Posts: 69
Default

Hi Jggimi ,Frcc

Thanks a lot for your information

Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Blocking MySpace roddierod Other OS 3 12th April 2009 09:39 PM
PF Blocking VPN Traffic plexter OpenBSD Security 6 23rd January 2009 05:25 PM
pf blocking php mail ijk FreeBSD Security 7 30th October 2008 08:33 PM
PF Blocking schrodinger OpenBSD Security 6 6th October 2008 10:33 PM
FreeBSD and freeze sur "select country" mjj FreeBSD Installation and Upgrading 7 18th June 2008 02:16 AM


All times are GMT. The time now is 04:37 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick