This post is probably more relevant to my use case of PF firewall running on FreeBSD 11.1, and I need to remind myself how to unblock an IP from the block list.

Here’s a snippet of what’s in /etc/pf.conf:

table <sshguard> persist

# Don't send rejections. Just drop.
set block-policy drop

# Exempt the loopback interface to prevent services utilizing the
# local loop from being blocked accidentally.
set skip on lo0

# all incoming traffic on external interface is normalized and fragmented
# packets are reassembled.
scrub in on $ext_if all fragment reassemble

# set a default deny policy.
block in log all

# This is a desktop so be permissive in allowing outgoing connections.
pass out quick modulate state

# Enable antispoofing on the external interface
antispoof for $ext_if inet
#antispoof for $ext_if inet6

# block packets that fail a reverse path check. we look up the routing
# table, check to make sure that the outbound is the same as the source
# it came in on. if not, it is probably source address spoofed.
block in from urpf-failed to any

# drop broadcast requests quietly.
block in quick on $ext_if from any to 255.255.255.255

block in log quick on $ext_if inet from <sshguard> to any

In this pf.conf the table of blocked IPs is named sshguard, and the last rule above drops any inbound packet on the external interface whose source address is in that table. To list all the blocked IPs, run:

# pfctl -t sshguard -T show
   1.0.246.105
   1.9.79.191
   1.52.149.133
   1.53.170.75
   1.164.252.130
   1.212.246.18
   1.217.60.210
   1.235.197.132
...

To unblock an IP, e.g. 1.235.197.132, run:

# pfctl -t sshguard -T delete 1.235.197.132
1/1 addresses deleted.
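
As an added example (not part of the original post), here is a small POSIX sh wrapper around those two pfctl commands that refuses malformed input and tells you whether the address was actually in the table before trying to delete it. It assumes pfctl(8) on FreeBSD and the sshguard table from this pf.conf; the TABLE and PFCTL variables are my own names, and PFCTL can be pointed at a stub for a dry run.

```sh
#!/bin/sh
# Added example (not from the original post): remove one address from the
# sshguard table with a sanity check first. Assumes pfctl(8) on FreeBSD.
# TABLE and PFCTL are assumed names; override PFCTL with a stub for dry runs.
TABLE="${TABLE:-sshguard}"
PFCTL="${PFCTL:-pfctl}"

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255,
# so a typo never reaches pfctl (which would reject it, but less clearly).
is_ipv4() {
    case "$1" in
        *[!0-9.]* | .* | *. | *..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# table_has ADDR: is ADDR currently listed in the table?  "pfctl -T show"
# indents each address with spaces, hence the tr before the exact match.
table_has() {
    "$PFCTL" -t "$TABLE" -T show 2>/dev/null | tr -d ' ' | grep -qx "$1"
}

# unblock_ip ADDR: delete ADDR from the table; 2 = bad input, 1 = not listed.
unblock_ip() {
    addr=$1
    if ! is_ipv4 "$addr"; then
        echo "unblock: '$addr' is not an IPv4 address" >&2
        return 2
    fi
    if ! table_has "$addr"; then
        echo "unblock: $addr is not in table <$TABLE>" >&2
        return 1
    fi
    "$PFCTL" -t "$TABLE" -T delete "$addr"   # prints "1/1 addresses deleted."
}

# Usage: sh unblock.sh 1.235.197.132 (run as root for the real pfctl)
if [ $# -eq 1 ]; then
    unblock_ip "$1"
fi
```

Because sshguard repopulates the table whenever it sees new failed logins, deleting an entry only helps until the next detection; a host that should never be blocked belongs on sshguard's whitelist instead.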

That’s it. Why is it so hard for me to remember this? 😛