This post is probably more relevant to my use case of PF firewall running on FreeBSD 11.1, and I need to remind myself how to unblock an IP from the block list.
Here’s a snippet of what’s in
table persist # Don't send rejections. Just drop. set block-policy drop # Exempt the loopback interface to prevent services utilizing the # local loop from being blocked accidentally. set skip on lo0 # all incoming traffic on external interface is normalized and fragmented # packets are reassembled. scrub in on $ext_if all fragment reassemble # set a default deny policy. block in log all # This is a desktop so be permissive in allowing outgoing connections. pass out quick modulate state # Enable antispoofing on the external interface antispoof for $ext_if inet #antispoof for $ext_if inet6 # block packets that fail a reverse path check. we look up the routing # table, check to make sure that the outbound is the same as the source # it came in on. if not, it is probably source address spoofed. block in from urpf-failed to any # drop broadcast requests quietly. block in quick on $ext_if from any to 255.255.255.255 block in log quick on $ext_if inet from to any
pf.conf, the blocked IP table is called
sshguard. To list all the blocked IPs, run:
# pfctl -t sshguard -T show 18.104.22.168 22.214.171.124 126.96.36.199 188.8.131.52 184.108.40.206 220.127.116.11 18.104.22.168 22.214.171.124 ...
To unblock an IP, e.g.
# pfctl -t sshguard -T delete 126.96.36.199 1/1 addresses deleted.
That’s it. Why is it so hard for me to remember this? 😛