Occasionally block single IP
-
I need a fast (dirty) way to temporarily block a single LAN IP from the pfsense shell
Under Linux I use something like:
iptables -I INPUT -i eth0 -s 192.168.1.34 -j DROP
and remove with
iptables -D INPUT -i eth0 -s 192.168.1.34 -j DROP
I searched the docs, forums, … and from what I understand my problem can be solved with this command:
ipfw add deny ip from 192.168.0.135 to any
ipfw: getsockopt(IP_FW_ADD): Protocol not available
But this does not seem to work.
Any hints?
N.B.: needed for pfsense 1.2.x, but also in 2.x
Thanks, P.
-
Perhaps you could use anchors if you are going to do this a lot:
http://www.openbsd.org/faq/pf/anchors.html
-
ipfw add deny ip from 192.168.0.135 to any
ipfw: getsockopt(IP_FW_ADD): Protocol not available
The problem with the ipfw command is that ipfw is not used by default in pfsense. As far as I can tell, it is only enabled if you turn on the captive portal. The rules in the GUI are using the pf firewall… (hence the other post referencing PF: Anchors).
-
Add a block rule:
easyrule block <interface> <ip>
then kill the states to/from that IP:
pfctl -k <ip>/32; pfctl -k 0.0.0.0/0 -k <ip>/32
So for an IP on the LAN, it would be:
easyrule block lan 192.168.0.135
pfctl -k 192.168.0.135/32; pfctl -k 0.0.0.0/0 -k 192.168.0.135/32
-
Thanks jimp … how do you remove that rule or at least deactivate it?
-
From the GUI. You can't do it from the CLI
(not easily, anyhow)
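The block-then-kill-states procedure jimp posted, combined with the anchor suggestion from the earlier reply so that the rule can also be removed from the shell, as an added example; this is not code from the thread, from jimp, or from pfSense. It assumes a pf anchor named "cliblock" (our name, not a pfSense one) and that the running ruleset contains an `anchor "cliblock"` line, since pf only evaluates an anchor's rules where the anchor is referenced; pfSense regenerates its ruleset from the GUI config on every filter reload, so check with `pfctl -sr` that the reference is still there afterwards. The interface argument must be the name pf knows (em0 below is an assumption), not the GUI alias "lan" that easyrule translates for you. Setting DRY_RUN=1 prints the pfctl commands instead of running them.

```shell
#!/bin/sh
# Added example, not code from the thread or from pfSense: block and unblock
# one LAN IPv4 address from the shell using a dedicated pf anchor, so the
# rule can be removed from the CLI as well.
# Assumptions: the running ruleset contains an `anchor "cliblock"` line
# (pf evaluates the anchor's rules only where it is referenced), and the
# anchor name "cliblock" is ours, not a pfSense name. DRY_RUN=1 prints
# the pfctl commands instead of running them.

ANCHOR="${ANCHOR:-cliblock}"

# Run a command, or print it when DRY_RUN is set.
run() {
    if [ -n "$DRY_RUN" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Load one rule into the anchor, replacing whatever it held before.
load_rule() {
    rule=$1
    if [ -n "$DRY_RUN" ]; then
        printf 'pfctl -a %s -f -   # rule: %s\n' "$ANCHOR" "$rule"
    else
        printf '%s\n' "$rule" | pfctl -a "$ANCHOR" -f -
    fi
}

# Accept only a dotted quad with four octets in 0-255 and no leading
# zeros; the address ends up on a pfctl command line, so reject
# anything else before it gets there.
valid_ipv4() {
    ip=$1
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$ip" | tr '.' ' ')   # split on dots (IFS word splitting)
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
        case $o in 0?*) return 1 ;; esac
    done
    return 0
}

# block_ip <pf interface> <ip>: install the block, then kill existing
# states in both directions so established sessions die too
# (the same pfctl -k pair jimp posted above). The interface must be the
# name pf knows (e.g. em0), not the pfSense alias "lan".
block_ip() {
    iface=$1 ip=$2
    case $iface in ''|*[!a-zA-Z0-9_]*) echo "block_ip: bad interface name: '$iface'" >&2; return 1 ;; esac
    valid_ipv4 "$ip" || { echo "block_ip: bad IPv4 address: '$ip'" >&2; return 1; }
    load_rule "block drop quick on $iface from $ip to any" || return 1
    run pfctl -k "$ip/32"
    run pfctl -k 0.0.0.0/0 -k "$ip/32"
}

# unblock_ip: flush the anchor, which removes the rule without touching
# the rest of the ruleset.
unblock_ip() {
    run pfctl -a "$ANCHOR" -F rules
}

# show_block: list what the anchor currently holds.
show_block() {
    run pfctl -a "$ANCHOR" -s rules
}

# Usage (interface name em0 is an assumption):
#   block_ip em0 192.168.0.135
#   show_block
#   unblock_ip
```

Because `pfctl -a … -f -` replaces the anchor's contents, this holds one blocked host at a time, which is what the question asks for; the easyrule path is deliberately avoided here because, as the answer above says, a rule added that way has to be removed in the GUI.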