# [IPFW] How to do a permanent jail IP?



## energetik (Jan 7, 2014)

Hi, I'm using

```
${fwcmd} add 001 deny ip from table\(1\) to me
```
to make a jail of IPs (ban) _[ What? -- Mod. ]_, but the table resets on every reboot of the server, so my question is this: is it possible to make, for example, an ipbanned.txt and add an IP to it to permanently ban this IP with an IPFW rule like the one I've posted?

Thanks in advance.


----------



## nanotek (Jan 11, 2014)

Not sure about IPFW because I use PF. The requirements, however, are the same.


- Make IPFW use <file> for <table>
- Make cronjobs:
    - instructing IPFW to write <table> to <file> every x minutes
    - instructing IPFW to reload the file at reboot
    - instructing IPFW to expire table entries every x days

If using PF, you can do the above with the following:


Add entry to /etc/pf.conf:

```
table <banned> counters persist file "/var/db/pf/banned.table"
```

Edit /etc/crontab (or use `crontab -e` if you prefer) to create desired jobs:

```
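# Save the current table contents to the file every five minutes
0/5     *       *       *       *       root    pfctl -t banned -T show > /var/db/pf/banned.table 2>/dev/null
# Reload the table from the file at boot (@reboot replaces the five time fields)
@reboot                                 root    pfctl -t banned -Tr -f /var/db/pf/banned.table
# Once a day, expire entries older than 259200 seconds (3 days)
@daily                                  root    pfctl -t banned -Te 259200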
```


----------



## qsecofr (Jan 13, 2014)

Using ipfw, try something like:

```
# IPs I want to block, one per line
exec < /etc/rc.ipfw_blocked_ip.txt   # read the list on stdin
while read ip
do
        $ipfw -q table 2 add $ip
done

# Drop inbound traffic from any address in table 2
$ipfw -q add deny ip from table\(2\) to any in via $oif
```


----------
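
Added example, not part of any post in this thread: a `/bin/sh` loader in the style of the ipfw loop above that checks each line of the ban file before passing it to `ipfw`, so comments, blank lines and malformed entries never reach the table; it goes beyond the thread by also accepting CIDR prefixes. `IPFW_CMD` and `BAN_TABLE` are assumed names, the default only echoes the commands (dry run), and the sample addresses are constructed.

```sh
#!/bin/sh
# Added example (not from the thread). IPFW_CMD and BAN_TABLE are
# hypothetical names; the default IPFW_CMD only echoes the commands.
IPFW_CMD=${IPFW_CMD:-echo ipfw}
BAN_TABLE=${BAN_TABLE:-2}

# valid_ipv4 ADDR[/MASK]: succeed only for a well-formed IPv4 address or CIDR.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in */*) mask=${1#*/} ;; *) mask=32 ;; esac
    case $mask in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$mask" -le 32 ] || return 1
    case $addr in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets; addr holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# load_bans FILE: add every valid entry to the table, report the rest on
# stderr, and return non-zero if anything was rejected.
load_bans() {
    rejected=0
    # "|| [ -n ... ]" keeps a final line that lacks a trailing newline
    while read -r entry _comment || [ -n "$entry" ]; do
        case $entry in ''|'#'*) continue ;; esac
        if valid_ipv4 "$entry"; then
            $IPFW_CMD -q table "$BAN_TABLE" add "$entry"
        else
            echo "skipping malformed entry: $entry" >&2
            rejected=$((rejected + 1))
        fi
    done < "$1"
    [ "$rejected" -eq 0 ]
}

# Constructed sample ban file (documentation addresses)
sample=$(mktemp)
cat > "$sample" <<'EOF'
# one address or CIDR per line
192.0.2.10
198.51.100.0/24   # whole subnet
203.0.113.999
EOF
load_bans "$sample" || echo "some entries were rejected" >&2
rm -f "$sample"
```

Setting `IPFW_CMD=/sbin/ipfw` in the firewall script makes the same loop populate the real table at boot.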

