Occasionally block single IP



  • I need a fast (dirty) way to temporarily block a single LAN IP from the pfsense shell

    Under Linux I use something like:

    iptables -I INPUT -i eth0 -s 192.168.1.34 -j DROP

    and remove with

    iptables -D INPUT -i eth0 -s 192.168.1.34 -j DROP

    I searched the docs, forums, … and from what I understand my problem can be solved with this command:

    ipfw add deny ip from 192.168.0.135 to any

    ipfw: getsockopt(IP_FW_ADD): Protocol not available

    But this does not seem to work.

    Any hints?
    N.B.: needed for pfsense 1.2.x, but also in 2.x

    Thanks, P.



  • perhaps you could use anchors if you are going to do this a lot:

    http://www.openbsd.org/faq/pf/anchors.html



  • @PaoloA:

    ipfw add deny ip from 192.168.0.135 to any

    ipfw: getsockopt(IP_FW_ADD): Protocol not available

    The problem with the ipfw command is that ipfw is not used by default in pfsense. As far as I can tell, it is only enabled if you turn on the captive portal. The rules in the GUI are using the pf firewall… (hence the other post referencing PF: Anchors).


  • Rebel Alliance Developer Netgate

    Add a block rule:

    easyrule block <interface> <ip>

    then kill the states to/from that IP:

    pfctl -k <ip>/32; pfctl -k 0.0.0.0/0 -k <ip>/32

    So for an IP on the LAN, it would be:

    easyrule block lan 192.168.0.135
    pfctl -k 192.168.0.135/32; pfctl -k 0.0.0.0/0 -k 192.168.0.135/32
    
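    The two-step block jimp describes, wrapped in a small POSIX sh script (an added example, not code from the thread or from pfSense). It assumes easyrule and pfctl are on the PATH of the pfSense shell, rejects anything that is not a plain IPv4 address or a simple interface name before either command runs, and with DRY_RUN=1 prints the commands instead of executing them.

```shell
#!/bin/sh
# Wrapper for the two steps above: add the easyrule block, then kill the
# address's existing states so the block takes effect immediately.
# Added example (not from the thread); assumes easyrule and pfctl are on PATH.
# DRY_RUN=1 prints each command instead of executing it.

# Run a command, or print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Accept only a plain dotted-quad IPv4 address (four octets, each 0-255).
# Ranges, hostnames and shell metacharacters are rejected here so they never
# reach easyrule or pfctl as arguments.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    rest=$1
    n=0
    while [ -n "$rest" ]; do
        o=${rest%%.*}
        [ "$o" -le 255 ] || return 1
        n=$((n + 1))
        if [ "$rest" = "$o" ]; then rest=; else rest=${rest#*.}; fi
    done
    [ "$n" -eq 4 ]
}

# Block one address on one interface: easyrule block, then kill its states
# as source (first pfctl) and as destination from any source (second pfctl).
block_ip() {
    iface=$1
    ip=$2
    case "$iface" in
        ""|*[!a-zA-Z0-9_]*) echo "block_ip: bad interface name: $iface" >&2; return 2 ;;
    esac
    valid_ipv4 "$ip" || { echo "block_ip: not a plain IPv4 address: $ip" >&2; return 2; }
    run easyrule block "$iface" "$ip" || return 1
    run pfctl -k "$ip/32"
    run pfctl -k 0.0.0.0/0 -k "$ip/32"
}
```

Usage on the box: `block_ip lan 192.168.0.135`; as jimp notes below, undoing the easyrule entry is still done from the GUI.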


  • Thanks jimp … how do you remove that rule or at least deactivate it?


  • Rebel Alliance Developer Netgate

    From the GUI. You can't do it from the CLI

    (not easily, anyhow)

