From ddcacd328f7d52f5e3bc6e0c399b5497b6745ac6 Mon Sep 17 00:00:00 2001 From: Solene Rapenne Date: Wed, 10 Mar 2021 22:37:11 +0100 Subject: [PATCH] Documentation enhancement --- README.md | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index e9df6cf..459f586 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,8 @@ It is meant to be used to block scanner connecting on unused ports. # How to use +## Configure inetd + Start inetd service with this in `/etc/inetd.conf`: ``` @@ -14,6 +16,15 @@ Start inetd service with this in `/etc/inetd.conf`: 666 stream tcp6 nowait root /usr/local/bin/iblock iblock ``` +You can change the PF table by adding it as a parameter like this: + +``` +666 stream tcp nowait root /usr/local/bin/iblock iblock blocklist +666 stream tcp6 nowait root /usr/local/bin/iblock iblock blocklist +``` + +## Configure packet filter + Use this in `/etc/pf.conf`, choose which ports will trigger the ban from the variable: ``` @@ -27,7 +38,11 @@ pass in quick on egress inet proto tcp to port $blocking_tcp rdr-to 127.0.0.1 po pass in quick on egress inet6 proto tcp to port $blocking_tcp rdr-to ::1 port 666 ``` -Done! You can see IP banned using `pfctl -t blocked -T show` and iBlock will log blocking too. +Don't forget to reload the rules with `pfctl -f /etc/pf.conf`. + +# Get some statistics + +Done! You can see IP banned using `pfctl -t blocked -T show` and iBlock will send blocked addresses to syslog. In the example I added a label to the block rule, you can use `pfctl -s labels` to view statistics from this rule, [see documentation for column meaning](https://man.openbsd.org/pfctl#s~8). @@ -36,6 +51,4 @@ In the example I added a label to the block rule, you can use `pfctl -s labels` - make install doing something - A proper man page -- Support IPv6 - make it work with doas -- pf table as a parameter
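Review bot: the new `## Configure inetd` heading in the `@@ -7,6 +7,8 @@` hunk is a good place to say that inetd has to be (re)started after `/etc/inetd.conf` is edited, which the section currently leaves implicit; on OpenBSD (the target implied by the `rdr-to` syntax and the man.openbsd.org link) that would be `rcctl enable inetd` followed by `rcctl restart inetd`, and a one-line mention there would save a reader from wondering why nothing listens on port 666 after editing the file.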
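Review bot: the table-parameter example in the `@@ -14,6 +16,15 @@` hunk uses the name `blocklist`, but the rest of the README (visible in the `@@ -27,7 +38,11 @@` context: `pfctl -t blocked -T show`) assumes a table called `blocked`, and the pf.conf snippet the reader copies presumably declares that same table; the text should state the default name when no parameter is given and make clear that, if a different name is passed to iblock, the `table <...>` declaration in `/etc/pf.conf`, the block rule and the `pfctl -t ... -T show` command all have to be changed to match, otherwise addresses are added to a table pf never blocks on. It would also help to say in the same sentence that only argv[1] is taken as the table name, since the inetd line has to repeat `iblock` as argv[0] before it.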
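Review bot: in the `@@ -27,7 +38,11 @@` hunk, "Done!" now sits under the new `# Get some statistics` heading, where it no longer marks the end of the configuration steps; move it up to the `Don't forget to reload the rules with `pfctl -f /etc/pf.conf`.` paragraph (or drop it) so the statistics section stands on its own. Two smaller points on the same lines: "You can see IP banned" should read "You can see banned IPs", and since a broken `/etc/pf.conf` loaded with `pfctl -f` can drop the redirect (or worse, the block rule), it is worth recommending `pfctl -nf /etc/pf.conf` to syntax-check the file before loading it.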
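Review bot: the `@@ -36,6 +51,4 @@` hunk removes "Support IPv6" and "pf table as a parameter" from the TODO list, but this patch touches only README.md (header: `1 file changed, 16 insertions(+), 3 deletions(-)`), so the README now documents a table argument that nothing in this change implements; please confirm the iblock binary already accepts the argument in an earlier commit, or hold the TODO removal and the new usage example until that commit lands, so the documentation never runs ahead of the code. Dropping "Support IPv6" is fine given the `tcp6` inetd line and the `inet6 ... rdr-to ::1` pf rule visible in the context.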