REQUIREMENTS:

Create required files:
# install -m 640 -o _pfbadhost -g wheel /dev/null /etc/pf-badhost.txt

Give user "_pfbadhost" doas permission.

$ cat /etc/doas.conf
permit root
permit nopass _pfbadhost cmd /sbin/pfctl args -nf /etc/pf.conf
permit nopass _pfbadhost cmd /sbin/pfctl args -t pfbadhost -T replace -f /etc/pf-badhost.txt

Add the following lines to your pf.conf:

table <pfbadhost> persist file "/etc/pf-badhost.txt"
block in quick on egress from <pfbadhost>
block out quick on egress to <pfbadhost>

For the man page:

$ man pf-badhost
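
The doas rules above pin _pfbadhost to two exact pfctl command lines. The lint below is an added example, not part of pf-badhost, that flags _pfbadhost rules looser than that. The function name audit_doas_rules and the sample rules are constructed for illustration, and it assumes one rule per line with no "setenv { ... }" option block.

```sh
#!/bin/sh
# Added example, not part of pf-badhost. Reads doas.conf text on stdin and
# reports permit rules for one user that are not pinned to an exact command line.
# Assumption: rules are one per line and use no "setenv { ... }" option block.
audit_doas_rules() {
    awk -v user="${1:-_pfbadhost}" '
    function report(msg) { printf "line %d: %s: %s\n", NR, msg, $0; bad = 1 }
    $1 != "permit" { next }              # comments, blank lines, deny rules
    {
        who = ""; cmd = ""; has_args = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "args")     { has_args = 1; break }
            else if ($i == "cmd") { cmd = $(i + 1); i++ }
            else if ($i == "as")  { i++ }            # skip the target user
            else if (who == "" && $i !~ /^(nopass|nolog|persist|keepenv)$/) { who = $i }
        }
        if (who != user) next
        if (cmd == "")                     report("any command allowed (no cmd)")
        else if (substr(cmd, 1, 1) != "/") report("cmd is not an absolute path")
        else if (!has_args)                report("any arguments allowed (no args)")
    }
    END { exit bad + 0 }'
}

# Constructed sample: the three rules from the page plus two loose ones.
SAMPLE='permit root
permit nopass _pfbadhost cmd /sbin/pfctl args -nf /etc/pf.conf
permit nopass _pfbadhost cmd /sbin/pfctl args -t pfbadhost -T replace -f /etc/pf-badhost.txt
permit nopass _pfbadhost cmd /sbin/pfctl
permit nopass _pfbadhost'

printf '%s\n' "$SAMPLE" | audit_doas_rules || echo "loose _pfbadhost rules found"
```

Run it as `audit_doas_rules < /etc/doas.conf`; a non-zero exit status means at least one _pfbadhost rule allows more than a single fixed command line.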