Open main menu, an OpenBSD-based firewall β


IPdeny is a web service that keep track of countries IP address ranges.

Begin by enabling root access. Then create a file such as /cfg/ (for example using vi) with the content

while true
	ftp -S dont -o /tmp/ipdeny &&
		pfctl -t ipdeny -T replace -f /tmp/ipdeny
	sleep 3600

and make sure it's started during boot by adding the following text into /cfg/skel/rc.local

sh /cfg/ &

You can then use that file when creating firewalling rules. You need to add a table called ipdeny. Below is a complete example

firewall {
	table <ipdeny> persist
	block from <ipdeny>

You can check what IP addresses are included in this table at any time by running the following command

 pfctl -t ipdeny -T show