Time-based ACL (access control list) features do not exist in BSD’s packet filter (PF). Having your network “shut down” at certain times (for instance, allowing certain network ranges or specific IP addresses only during “business hours” or a specific time range) can be achieved with a simple PF table and a cronjob. First, let’s…
Tag: PF
Block countries on OpenBSD using pf
As in the previous article, entire countries can easily be blocked on an OpenBSD firewall using the pf command and https://ipdeny.com/. The zone files provided by https://ipdeny.com/ need to be stored locally. A simple way to achieve this is to have a cronjob download them periodically (for instance, once per day): We store them directly…