Comments on: FreeBSD / OpenBSD: PF Firewall Filter Large Number Of Subnets and IP Address http://www.cyberciti.biz/faq/opebsd-pf-firewall-block-subnets-ip-address/ Every answer asks a more beautiful question. Fri, 10 Feb 2012 19:55:56 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: CDSUhttp://www.cyberciti.biz/faq/opebsd-pf-firewall-block-subnets-ip-address/#comment-41228 CDSU Thu, 16 Apr 2009 15:41:55 +0000 http://www.cyberciti.biz/faq/?p=1182#comment-41228 You have to enable PF first. there are several steps needed in order to complete this task. It may include rebuilding the kernel and adding some options. FreeBSD 7.x or better should have pf enabled in the kernel. the following steps need to be made in order to get pf working 1. edit the /etc/rc.conf file and add the following pf_enable="YES" # Enable PF (load module if required) pf_rules="/etc/pf.conf" # rules definition file for pf pf_flags="" # additional flags for pfctl startup pflog_enable="YES" # start pflogd(8) pflog_logfile="/var/log/pflog" # where pflogd should store the logfile pflog_flags="" # additional flags for pflogd startup' if you cannot afford to reboot the device you can enable and disable via CLI pfctl -d Disable the packet filter. pfctl -e Enable the packet filter. it is always good to test your rules before you go live. --CDSY You have to enable PF first. there are several steps needed in order to complete this task. It may include rebuilding the kernel and adding some options. FreeBSD 7.x or better should have pf enabled in the kernel. the following steps need to be made in order to get pf working
1. edit the /etc/rc.conf file and add the following
pf_enable=”YES” # Enable PF (load module if required)
pf_rules=”/etc/pf.conf” # rules definition file for pf
pf_flags=”" # additional flags for pfctl startup
pflog_enable=”YES” # start pflogd(8)
pflog_logfile=”/var/log/pflog” # where pflogd should store the logfile
pflog_flags=”" # additional flags for pflogd startup’

if you cannot afford to reboot the device you can enable and disable via CLI

pfctl -d Disable the packet filter.

pfctl -e Enable the packet filter.

it is always good to test your rules before you go live.

–CDSY

]]> By: Rayhttp://www.cyberciti.biz/faq/opebsd-pf-firewall-block-subnets-ip-address/#comment-39798 Ray Mon, 12 Jan 2009 02:28:48 +0000 http://www.cyberciti.biz/faq/?p=1182#comment-39798 I've also tried using the above but the IP's aren't being blocked. Any ideas? I’ve also tried using the above but the IP’s aren’t being blocked. Any ideas?

]]> By: shake faidzalhttp://www.cyberciti.biz/faq/opebsd-pf-firewall-block-subnets-ip-address/#comment-39320 shake faidzal Thu, 27 Nov 2008 03:30:00 +0000 http://www.cyberciti.biz/faq/?p=1182#comment-39320 hi, i've tried the command lines n created the table as ordered, however it doesn't block the ip's that i want to filter from access outside internet. FYI, "pfctl -t blockedips -T show" does show the list of ip's that i key-in. really apreciate if u could spare me some ideas..tq hi,
i’ve tried the command lines n created the table as ordered, however it doesn’t block the ip’s that i want to filter from access outside internet. FYI, “pfctl -t blockedips -T show” does show the list of ip’s that i key-in. really apreciate if u could spare me some ideas..tq

]]>