# Need to filter traffic how?



## tony33 (Mar 27, 2017)

I got FreeBSD 11.0 and need to filter traffic. I have IPFW as the firewall but I am sick of constantly manually adding IP addresses to be blocked.

Is there any way to automate this? I was told to use Squid proxy/dansguardian.

I am not sure about using it. Are there any articles about the subject matter?


----------



## tony33 (Apr 21, 2017)

getopt said:


> Please be more precise about your filtering desires. For automation it is also relevant to know how you acquire IPs/hostnames and on what criteria you want to block. Maybe some blacklists available on the Internet might be the way to go?
> 
> Yes www/squid can do filtering based on ACLs start reading there: http://wiki.squid-cache.org/SquidFaq/SquidAcl



Filter traffic meaning blocking traffic that has malicious intent, whether it's spam, DDoS attacks, a known source of malware or botnet, etc.

Right now I have ipfw set up so that I have to manually write in the firewall rules file to block individual IPs or an IP block. I have to do this by manually looking at logs to see if there's an attack of some sort. However, once I block all these IP addresses, things settle down, then a week or two later I get a new set of IP addresses starting up again, hitting my servers.

I don't have the time to keep watching my network and keep blocking new IP addresses and net blocks. These are DDoS attacks but they're very weak. Not strong enough to take down my network. However, I don't want to keep looking for new IP addresses to keep manually typing in and blocking.

I want either software that can detect a pattern to determine if a DDoS attack is at hand, and that would generate the code to add to ipfw to block the IP address.

Or, like your idea, just have some kind of code that will download a blacklist from the internet. Even if there's no code or software. If it's something simple I can just put one line in ipfw and then download that blacklist file and store it on my server. I can then keep manually downloading that file.

As long as it keeps blocking botnets or DDoS attacks that are well known.


----------
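An added example, not written by anyone in this thread: the "one line in ipfw plus a downloaded blacklist" idea from the post above, done with an ipfw table and a filter that treats the downloaded file as untrusted input. The table number, `MIN_PREFIX`, `ADMIN_IP`, `LIST_URL`, `WORK` and the rule number are assumptions chosen for illustration, and the sample addresses used with it are constructed.

```shell
#!/bin/sh
# Added example. TABLE, MIN_PREFIX and ADMIN_IP are assumptions, not from the thread.
TABLE=${TABLE:-1}                 # ipfw table that holds the blocklist
MIN_PREFIX=${MIN_PREFIX:-8}       # refuse anything broader than a /8
ADMIN_IP=${ADMIN_IP:-192.0.2.10}  # address that must never end up blocked

# Read an untrusted list on stdin; print validated, de-duplicated IPv4 CIDRs.
filter_blocklist() {
    awk -v min="$MIN_PREFIX" -v admin="$ADMIN_IP" '
    function ip2n(a,  o) { split(a, o, "."); return ((o[1]*256+o[2])*256+o[3])*256+o[4] }
    function bad(why) { print "skipped (" why "): " raw > "/dev/stderr" }
    {
        raw = $0
        sub(/[#;].*/, "")                       # "#" and ";" start a comment
        gsub(/^[ \t\r]+|[ \t\r]+$/, "")
        if ($0 == "") next
        if ($0 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) { bad("syntax"); next }
        n = split($0, p, "/"); len = (n == 2) ? p[2] + 0 : 32
        split(p[1], o, ".")
        for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) { bad("octet"); next }
        if (len < min || len > 32) { bad("prefix length"); next }
        size = 2 ^ (32 - len); base = ip2n(p[1]); base -= base % size
        a = ip2n(admin)
        if (a >= base && a < base + size) { bad("covers ADMIN_IP"); next }
        key = (o[1]+0) "." (o[2]+0) "." (o[3]+0) "." (o[4]+0) "/" len
        if (!seen[key]++) print key
    }'
}

# Replace the table contents with validated entries from stdin (run as root).
load_table() {
    ipfw -q table "$TABLE" create 2>/dev/null || true  # tables must exist on FreeBSD 11
    ipfw -q table "$TABLE" flush
    while read -r net; do ipfw -q table "$TABLE" add "$net"; done
}

# Typical use; LIST_URL is a placeholder for a list you trust, WORK a root-only directory:
#   fetch -qo "$WORK/list.raw" "$LIST_URL" && filter_blocklist < "$WORK/list.raw" > "$WORK/list.ok"
#   [ -s "$WORK/list.ok" ] && load_table < "$WORK/list.ok"
# plus one static rule, e.g.:  ipfw add 100 deny ip from "table(1)" to any
```

Loading only when the filtered file is non-empty keeps a failed download from emptying the table, and the prefix and `ADMIN_IP` checks keep a poisoned or mistaken list entry such as `0.0.0.0/0` from locking you out.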



## SirDice (Apr 21, 2017)

Are you using Squid as a reverse proxy? DDoS attacks are _incoming_. And Squid is typically used for _outgoing_ traffic. So I'm wondering how you are "detecting" those attacks.


----------

