IPdeny

From securityrouter.org, an OpenBSD-based firewall

IPdeny is a web service that keeps track of the IP address ranges allocated to each country and publishes them as per-country zone files (one CIDR block per line).

Begin by enabling root access. Then create a file such as /cfg/ipdeny.sh (for example using vi) with the following content

#!/bin/sh
# Fetch the IPdeny zone file for China (cn) once an hour and load it into the
# pf table <ipdeny>. Because of the &&, pfctl only runs when ftp exited
# successfully; on a failed download the previous table contents are kept.
# ftp -S dont disables TLS certificate verification; it has no effect on a
# plain http:// URL but would apply if the URL were changed to https://.
while true
do
	ftp -S dont -o /tmp/ipdeny http://www.ipdeny.com/ipblocks/data/countries/cn.zone &&
		pfctl -t ipdeny -T replace -f /tmp/ipdeny
	sleep 3600
done

and make sure it is started at boot by adding the following line to /cfg/skel/rc.local

sh /cfg/ipdeny.sh &

You can then reference the table in your firewall rules. The table must be declared in the firewall configuration with the name ipdeny (the name the script passes to pfctl -t); persist keeps it in the kernel even when no rule refers to it. Below is an excerpt showing the declaration and a rule that drops all traffic from the listed ranges

firewall {
	table <ipdeny> persist
	block from <ipdeny>
	...

You can check which IP addresses are currently in the table at any time by running the following command

pfctl -t ipdeny -T show
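The script above trusts whatever the download returns: it fetches over plain http, writes to a fixed path in /tmp, and hands the file straight to pfctl. A non-zero exit from ftp is the only guard, so an HTML error page or an empty body served with status 200 would replace the table with garbage or with nothing, and anyone on the path could substitute their own list. The following is an added example, not code from the securityrouter.org page, of a hardened update routine that validates the zone file before loading it. It assumes that ipdeny.com serves the lists over HTTPS and that the pf table is named ipdeny as on this page; the function names and sample files are the example's own.

```shell
#!/bin/sh
# Added example (not from the securityrouter.org page): validate an IPdeny
# zone file before it reaches pfctl, and fetch it so that an on-path attacker
# cannot tamper with it. Assumptions not confirmed by the page: ipdeny.com
# serves the files over HTTPS, and the pf table is named ipdeny.

# validate_zone_file FILE
# Returns 0 when FILE is non-empty and every non-blank line is a well-formed
# IPv4 CIDR (four octets 0-255, prefix 0-32); returns 1 otherwise. An HTML
# error page, a truncated transfer or an empty file is therefore never
# loaded, which would otherwise silently empty or poison the table.
validate_zone_file() {
    [ -s "$1" ] || return 1
    awk '
        BEGIN { ok = 1; n = 0 }
        NF == 0 { next }
        {
            n++
            if (split($1, p, "/") != 2 || split(p[1], o, ".") != 4) { ok = 0; exit }
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) { ok = 0; exit }
            if (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32) { ok = 0; exit }
        }
        END { exit (ok && n > 0) ? 0 : 1 }
    ' "$1"
}

# fetch_zone COUNTRY FILE
# Download the zone list for a two-letter COUNTRY code into FILE with
# OpenBSD ftp(1). Certificate verification stays enabled (no "-S dont"),
# so a forged list cannot be injected on the wire.
fetch_zone() {
    ftp -o "$2" "https://www.ipdeny.com/ipblocks/data/countries/$1.zone"
}

# load_zone_table TABLE FILE
# Replace TABLE with FILE only after it validates; otherwise leave the
# table untouched and report the problem.
load_zone_table() {
    if ! validate_zone_file "$2"; then
        echo "ipdeny: $2 failed validation, keeping current <$1>" >&2
        return 1
    fi
    pfctl -t "$1" -T replace -f "$2"
}

# update_table TABLE COUNTRY
# Fetch into a private temporary file (not a fixed, predictable path in
# /tmp), validate, load, and clean up. Returns non-zero on any failure so
# the caller can retry sooner than the regular hourly interval.
update_table() {
    tmp=$(mktemp /tmp/ipdeny.XXXXXXXXXX) || return 1
    rc=1
    if fetch_zone "$2" "$tmp" && load_zone_table "$1" "$tmp"; then
        rc=0
    fi
    rm -f "$tmp"
    return $rc
}

# Offline demonstration with constructed sample files (not real IPdeny
# data): a valid list, one polluted with an HTML error page, and an empty
# download. pfctl is deliberately not invoked here.
good=$(mktemp /tmp/ipdeny.XXXXXXXXXX)
bad=$(mktemp /tmp/ipdeny.XXXXXXXXXX)
empty=$(mktemp /tmp/ipdeny.XXXXXXXXXX)
trap 'rm -f "$good" "$bad" "$empty"' EXIT
printf '1.0.1.0/24\n1.0.2.0/23\n\n14.0.12.0/22\n' > "$good"
printf '1.0.1.0/24\n<html>503 Service Unavailable</html>\n' > "$bad"
: > "$empty"

for f in "$good" "$bad" "$empty"; do
    if validate_zone_file "$f"; then
        echo "$f: ok, safe to load"
    else
        echo "$f: rejected"
    fi
done
```

On the appliance, the body of the hourly loop becomes `update_table ipdeny cn`; since it returns non-zero on failure, the loop can sleep for a shorter interval after a failed run, which also covers the first attempt at boot before the network is up.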