# ipf.rules and hash:/etc/files ??



## pcnetworks (Jun 23, 2009)

So, I regularly add IP addresses and subnets to my /etc/ipf.rules file, for the purpose of banning any type of connectivity from would-be-hackers.

```
--snip--
#-----------------------------------------------------------------------
# Block all inbound traffic from nasty hackers
#-----------------------------------------------------------------------
block in log first quick on gem0 from 123.0.0.0/8 to any
block in log first quick on gem0 from 456.0.0.0/12 to any
block in log first quick on gem0 from 789.0.0.0/16 to any
--snip--
```

and so on and so on...

The list is getting fairly large, so I started wondering if I could use a hash file, similar to how you do things with a postfix setup from its main.cf file.

Something like:

```
--snip--
#-----------------------------------------------------------------------
# Block all inbound traffic from nasty hackers
#-----------------------------------------------------------------------
block in log first quick on gem0 from hash:/etc/banned_subnets to any
--snip--
```

Or something along those lines.

I've done a good amount of Googling to no avail, so maybe I'm trying to do something that just isn't done?

Any info or suggestions would be most appreciated.

Thanks! 
-
Chris


----------



## vivek (Jun 23, 2009)

The pf firewall has an option to read directly from text files. With iptables and ipf you need the help of a shell script and a while loop, as follows:

```
#!/bin/sh
# Generates an ipf ruleset on stdout; your initial ipf rules are
# emitted here the same way, with echo.

### start mass blocking: one block rule per address/subnet in the list
while read -r line
do
        echo "block in log first quick on gem0 from $line to any"
done < /usr/local/etc/badips.txt

### Rest of rules goes here

# Run as: sh thisscript > /etc/ipf.rules && ipf -Fa -f /etc/ipf.rules
```
/usr/local/etc/badips.txt:

```
94.232.248.0/21
94.247.0.0/21
95.129.144.0/23
95.129.146.0/24
95.215.76.0/22
```


Another option is to create groups and do the same.


----------
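The loop above trusts every line of the list. As an added example (not code from the thread), here is a POSIX sh version that checks each entry is a well-formed IPv4 address or CIDR block before emitting a rule, so a typo like the 456.0.0.0/12 in the opening post is reported instead of breaking the ruleset load; the interface name gem0, the list path and the sample list are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread: turn a ban list into ipf rules,
# checking each entry first so a typo such as 456.0.0.0/12 (an impossible
# address) never reaches ipf, where one bad line fails the whole load.
# The interface name (gem0) and the list path are assumptions; adjust them.

# valid_cidr ADDR[/PREFIX] -> 0 for a well-formed IPv4 network, else 1
valid_cidr() {
    addr=${1%/*}; pfx=${1#*/}
    [ "$1" = "$addr" ] && pfx=32                  # bare address counts as /32
    case $pfx in ''|*[!0-9]*) return 1 ;; esac    # prefix must be numeric
    [ "$pfx" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*) return 1 ;; esac  # digits and dots only
    IFS=.; set -- $addr; unset IFS                # split into octets
    [ $# -eq 4 ] || return 1
    for oct; do
        [ -n "$oct" ] && [ "$oct" -le 255 ] || return 1
    done
    return 0
}

# gen_rules LISTFILE [IFACE] -> ipf block rules on stdout. Blank lines,
# '#' comments and stray whitespace (the posted list has trailing spaces)
# are tolerated; invalid entries are reported on stderr and rc becomes 1.
gen_rules() {
    list=$1; iface=${2:-gem0}; rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}
        line=$(printf '%s' "$line" | tr -d ' \t')
        [ -z "$line" ] && continue
        if valid_cidr "$line"; then
            printf 'block in log first quick on %s from %s to any\n' "$iface" "$line"
        else
            printf 'skipping invalid entry: %s\n' "$line" >&2; rc=1
        fi
    done < "$list"
    return $rc
}

# Constructed sample list: two ranges, one host, a comment and a typo.
write_sample() {
    cat > "$1" <<'EOF'
# nasty hackers
94.232.248.0/21
123.0.0.0/8
456.0.0.0/12
1.2.3.4
EOF
}
```

Typical use is `gen_rules /usr/local/etc/badips.txt >> /etc/ipf.rules` followed by `ipf -Fa -f /etc/ipf.rules`, checking the exit status first so a rejected entry is fixed before anything is reloaded.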



## SirDice (Jun 23, 2009)

With PF you can use a table for this, then you can add IPs on the fly.


```
table <badguys> { 1.2.3.4, 10.0.0.0/8 } persist file "/etc/badguys"

block in quick on $ext_if from <badguys> to any
```

Show the contents of the table:
`# pfctl -t badguys -T show`

Add an IP:
`# pfctl -t badguys -T add 2.3.4.5`

http://www.openbsd.org/faq/pf/tables.html


----------



## pcnetworks (Jun 23, 2009)

Thanks much for the info!

Now to give things a try.


----------



## DutchDaemon (Jun 23, 2009)

SirDice said:

> ```
> table <badguys> { 1.2.3.4, 10.0.0.0/8 } persist file "/etc/badguys"
> ```



Never seen an IP declaration _and_ a file in the same table rule ..


----------



## SirDice (Jun 23, 2009)

You're right, I mixed the two up.

It's either

```
table <badguys> persist file "/etc/badguys"
```
*or*

```
table <badguys> { 1.2.3.4, 10.0.0.0/8 }
```


----------

