Firewall novice question

Just activated ipfw on FreeBSD 5.4 without major problems, have a minimal - but working - ruleset, that I'd like to expand. My question is this: I know you can block an ip address or a range of addresses or even a block of ip addresses (as in ip/mask). All well and good. Is it possible to substitute a domain, such as, in the rules? Say I want to block all incoming traffic from, can I write a rule on the order of:

deny all from to me in via

If I can't do this, I can live with it, but it would surely be convenient.

Thanks for any replies.

Bob Melson

Reply to
Robert Melson

Karl Rove's White House " Murder Inc. ".

Ariel Sharon's & Karl Rove's White House " Assassinations Inc. " !!! Neocon's IPO.

"The significance of this masterpiece is not only the divulsion of facts, but the focus it's made on the covert cooperation between the parties who are enemies.... "

Special Investigation.

DEC., 2005- On September 15, 2001, just four days after the 9-11 attacks, CIA Director George Tenet provided President [sic] Bush with a Top Secret "Worldwide Attack Matrix"-a virtual license to kill targets deemed to be a threat to the United States in some 80 countries around the world. The Tenet plan, which was subsequently approved by Bush, essentially reversed the executive orders of four previous U.S. administrations that expressly prohibited political assassinations.

According to high level European intelligence officials, Bush's counselor, Karl Rove, used the new presidential authority to silence a popular Lebanese Christian politician who was planning to offer irrefutable evidence that Israeli Prime Minister Ariel Sharon authorized the massacre of hundreds of Palestinian men, women, and children in the Beirut refugee camps of Sabra and Shatilla in 1982. In addition, Sharon provided the Lebanese forces who carried out the grisly task. At the time of the massacres, Elie Hobeika was intelligence chief of Lebanese Christian forces in Lebanon who were battling Palestinians and other Muslim groups in a bloody civil war. He was also the chief liaison to Israeli Defense Force (IDF) personnel in Lebanon. An official Israeli inquiry into the massacre at the camps, the Kahan Commission, merely found Sharon "indirectly" responsible for the slaughter and fingered Hobeika as the chief instigator.

The Kahan Commission never called on Hobeika to offer testimony in his defense. However, in response to charges brought against Sharon before a special war crimes court in Belgium, Hobeika was urged to testify against Sharon, according to well-informed Lebanese sources. Hobeika was prepared to offer a different version of events than what was contained in the Kahan report. A 1993 Belgian law permitting human rights prosecutions was unusual in that non-Belgians could be tried for violations against other non-Belgians in a Belgian court. Under pressure from the Bush administration, the law was severely amended and the extra territoriality provisions were curtailed.

Hobeika headed the Lebanese forces intelligence agency since the mid- 1970s and he soon developed close ties to the CIA. He was a frequent visitor to the CIA's headquarters at Langley, Virginia. After the Syrian invasion of Lebanon in 1990, Hobeika held a number of cabinet positions in the Lebanese government, a proxy for the Syrian occupation authorities. He also served in the parliament. In July 2001, Hobeika called a press conference and announced he was prepared to testify against Sharon in Belgium and revealed that he had evidence of what actually occurred in Sabra and Shatilla. Hobeika also indicated that Israel had flown members of the South Lebanon Army (SLA) into Beirut International Airport in an Israeli Air Force C130 transport plane, in full view of dozens of witnesses, including members of the Lebanese army and others. SLA troops under the command of Major Saad Haddad were slipped into the camps to commit the massacres. The SLA troops were under the direct command of Ariel Sharon and an Israeli Mossad agent provocateur named Rafi Eitan. Hobeika offered evidence that a former U.S. ambassador to Lebanon was aware of the Israeli plot. In addition, the IDF had placed a camera in a strategic position to film the Sabra and Shatilla massacres. Hobeika was going to ask that the footage be released as part of the investigation of Sharon.

After announcing he was willing to testify against Sharon, Hobeika became fearful for his safety and began moves to leave Lebanon. Hobeika was not aware that his threats to testify against Sharon had triggered a series of fateful events that reached well into the White House and Sharon's office.

On January 24, 2002, Hobeika's car was blown up by a remote controlled bomb placed in a parked Mercedes along a street in the Hazmieh section of Beirut. The bomb exploded when Hobeika and his three associates, Fares Souweidan, Mitri Ajram, and Waleed Zein, were driving their Range Rover past the TNT-laden Mercedes at 9:40 am Beirut time. The Range Rover's four passengers were killed in the explosion. In case Hobeika's car had taken another route through the neighborhood, two additional parked cars, located at two other choke points, were also rigged with TNT. The powerful bomb wounded a number of other people on the street. Other parked cars were destroyed and buildings and homes were damaged. The Lebanese president, prime minister, and interior minister all claimed that Israeli agents were behind the attack.

It is noteworthy that the State Department's list of global terrorist incidents for 2002 worldwide failed to list the car bombing attack on Hobeika and his party. The White House wanted to ensure the attack was censored from the report. The reason was simple: the attack ultimately had Washington's fingerprints on it.

High level European intelligence sources now report that Karl Rove personally coordinated Hobeika's assassination. The hit on Hobeika employed Syrian intelligence agents. Syrian President Bashar Assad was trying to curry favor with the Bush administration in the aftermath of 9-11 and was more than willing to help the White House. In addition, Assad's father, Hafez Assad, had been an ally of Bush's father during Desert Storm, a period that saw Washington give a "wink and a nod" to Syria's occupation of Lebanon. Rove wanted to help Sharon avoid any political embarrassment from an in absentia trial in Brussels where Hobeika would be a star witness. Rove and Sharon agreed on the plan to use Syrian Military Intelligence agents to assassinate Hobeika. Rove saw Sharon as an indispensable ally of Bush in ensuring the loyalty of the Christian evangelical and Jewish voting blocs in the United States. Sharon saw the plan to have the United States coordinate the hit as a way to mask all connections to Jerusalem.

The Syrian hit team was ordered by Assef Shawkat, the number two man in Syrian military intelligence and a good friend and brother in law of Syrian President Bashar Assad. Assad's intelligence services had already cooperated with U.S. intelligence in resorting to unconventional methods to extract information from al Qaeda detainees deported to Syria from the United States and other countries in the wake of 9-11. The order to take out Hobeika was transmitted by Shawkat to Roustom Ghazali, the head of Syrian military intelligence in Beirut. Ghazali arranged for the three remote controlled cars to be parked along Hobeika's route in Hazmieh; only few hundred yards from the Barracks of Syrian Special Forces which are stationed in the area near the Presidential palace , the ministry of Defense and various Government and officers quarters . This particular area is covered 24/7 by a very sophisticated USA multi-agency surveillance system to monitor Syrian and Lebanese security activities and is a " Choice " area to live in for its perceived high security, [Courtesy of the Special Collections Services.] SCS...; CIA & NSA & DIA....etc.

The plan to kill Hobeika had all the necessary caveats and built-in denial mechanisms. If the Syrians were discovered beforehand or afterwards, Karl Rove and his associates in the Pentagon's Office of Special Plans would be ensured plausible deniability.

Hobeika's CIA intermediary in Beirut, a man only referred to as "Jason" by Hobeika, was a frequent companion of the Lebanese politician during official and off-duty hours. During Hobeika's election campaigns for his parliamentary seat, Jason was often in Hobeika's office offering support and advice. After Hobeika's assassination, Jason became despondent over the death of his colleague. Eventually, Jason disappeared abruptly from Lebanon and reportedly later emerged in Pakistan.

Karl Rove's involvement in the assassination of Hobeika may not have been the last "hit" he ordered to help out Sharon. In March 2002, a few months after Hobeika's assassination, another Lebanese Christian with knowledge of Sharon's involvement in the Sabra and Shatilla massacres was gunned down along with his wife in Sao Paulo, Brazil. A bullet fired at Michael Nassar's car flattened one of his tires. Nassar pulled into a gasoline station for repairs. A professional assassin, firing a gun with a silencer, shot Nassar and his wife in the head, killing them both instantly. The assailant fled and was never captured. Nassar was also involved with the Phalange militia at Sabra and Shatilla. Nassar was also reportedly willing to testify against Sharon in Belgium and, as a nephew of SLA Commander General Antoine Lahd, may have had important evidence to bolster Hobeika's charge that Sharon ordered SLA forces into the camps to wipe out the Palestinians.

Based on what European intelligence claims is concrete intelligence on Rove's involvement in the assassination of Hobeika, the Bush administration can now add political assassination to its laundry list of other misdeeds, from lying about the reasons to go to war to the torture tactics in violation of the Geneva Conventions that have been employed by the Pentagon and "third country" nationals at prisons in Iraq and Guantanamo Bay.

Tensions in the Middle East have prompted public expressions of anti-U.S. rhetoric and public sentiment. Events in past years in Lebanon, such as bombings directed at U.S. franchises and the November 2002 murder of a U.S. citizen in Sidon, underscore the need for caution and sound personal security precautions. Anti-American demonstrations have occurred in the last 12 months in refugee camps, in the southern suburbs of Beirut and in Beirut proper to protest U.S. foreign policy. In May 2004, an anti-government demonstration in the southern suburbs of Beirut turned violent resulting in the deaths of five demonstrators.

It is noteworthy that the State Department's list of global terrorist incidents for 2002 worldwide failed to list the car bombing attack on Hobeika and his party.... But Listed a small Hand Grenade thrown at a U.S. franchise....? The White House wanted to ensure the attack was censored from the report. The reason was simple: the attack ultimately had Washington's fingerprints on it....

This is some of the evidence for you and for the World ....

******************************************************************************* ~encrypted/logs/access ====>> INTELLIGENCE Agencies Servers footprints.


Not to mention hundreds of private companies and governments........! ...See Below :


Lines 10-36 of my logfiles show a lot of interest in this article:

# grep sid=1052 /encrypted/logs/access_log | awk '{print $1,$7}' | sed -n '10,36p'
/modules.php?name=News&file=article&sid=1052 Soviet/Russian Intelligence services...
/modules.php?name=News&file=article&sid=1052 NATO Intel.
/modules.php?name=News&file=article&sid=1052 Nato Intel.
/modules.php?name=News&file=article&sid=1052 Strategic Air Command US Intel.
/modules.php?name=News&file=article&sid=1052 European Parliament Intel. Unit
/modules.php?name=News&file=article&sid=1052 USA Department of Justice...
/modules.php?name=News&file=article&sid=1052 USA Department of Justice...
/modules.php?name=News&file=article&sid=1052 USA Treasury Department
/modules.php?name=News&file=article&sid=1052 USA Treasury Department
/modules.php?name=News&file=article&sid=1052 CIA Langley
/modules.php?name=News&file=article&sid=1052 CIA Langley
/modules.php?name=News&file=article&sid=1052 CIA Langley
/modules.php?name=News&file=article&sid=1052 USA Department of Homeland security Intel.
/modules.php?name=News&file=article&sid=1052 British Intel.
/modules.php?name=News&file=article&sid=1052 Pentagon US.
/modules.php?name=News&file=article&sid=1052 Intel....
/modules.php?name=News&file=article&sid=1052 Intel.....
/modules.php?name=News&file=article&sid=1052 British Intel.
/modules.php?name=News&file=article&sid=1052 USA Marine Corps Quantico Virginia Intel.
/modules.php?name=News&file=article&sid=1052 USA Marine Corps Quantico Virginia Intel.
/modules.php?name=News&file=article&sid=1052 US Intel SIS.
/modules.php?name=News&file=article&sid=1052 Intel....
/modules.php?name=News&file=article&sid=1052 US Intel. OSIS.
/modules.php?name=News&file=article&sid=1052 British Intel.
/modules.php?name=News&file=article&sid=1052 Ukrainian Intelligence. Intel....

"The significance of this masterpiece is not only the divulsion of facts, but the focus it's made on the covert cooperation between the parties who are playing enemies.... " At the very Least in Lebanon since the 1970s...!!!

Reply to

I'm not sure if you can or can't, never having used it myself, but it's not a very good idea. After all, you effectively let whatever DNS server you use configure your firewall, and DNS is not known for its security.

Far better to use dig, whois and so on.


P.S. On a side note: WTF is that other reply supposed to be about?

Reply to
["Followup-To:" header set to comp.unix.bsd.freebsd.misc.] Begin On 2005-12-02, Robert Melson wrote: [snip: freebsd 5.4, ipfw]

This is actually documented in the canonical resource: the reference manual page, ipfw(8), which I've quoted here for your convenience:

[ the section on constructing rules...]

    ip-addr:
        A host or subnet address specified in one of the following ways:

        numeric-ip | hostname
            Matches a single IPv4 address, specified as dotted-quad or a
            hostname. Hostnames are resolved at the time the rule is added
            to the firewall list.

        addr/masklen
            Matches all addresses with base addr (specified as a dotted quad
            or a hostname) and mask width of masklen bits. As an example,
            will match all IP numbers from to .

        addr:mask
            Matches all addresses with base addr (specified as a dotted quad
            or a hostname) and the mask of mask, specified as a dotted quad.
            As an example, will match 1.*.3.*. This form is advised only for
            non-contiguous masks. It is better to resort to the addr/masklen
            format for contiguous masks, which is more compact and less
            error-prone.

So your rule will be resolved to deny the IP address of when it is loaded. Note that unless you have high-traffic considerations, it is usually better to return the appropriate ICMP or TCP error condition instead of just dropping packets, which causes retries and timeouts.

Reply to
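The two replies above make one point between them: ipfw resolves a hostname once, when the rule is added, so whatever DNS said at that moment is what the firewall enforces until the next reload. The script below is an added example, not something any poster wrote: it expands a name into explicit per-address rules (so the snapshot is visible in the ruleset), and a small drift check compares that snapshot with what the name resolves to later. The name bad.example.net, its addresses, and the interface em0 are made up; the host(1) output is constructed so the script runs offline.

```sh
#!/bin/sh
# Added example (not from the thread): expand a hostname to the addresses it
# resolves to right now, emit one ipfw(8) rule per address, and later check
# whether DNS has moved on since the rules were loaded. Assumes host(1) output
# of the form "name has address A.B.C.D"; the name, addresses and interface
# em0 below are made up.

# Read host(1)-style output on stdin, print the unique IPv4 addresses, sorted.
addrs_from_host_output() {
    awk '$2 == "has" && $3 == "address" { print $4 }' | sort -u
}

# Emit one ipfw rule per address read from stdin, in the file syntax that
# "ipfw -q rulefile" accepts (no leading "ipfw").
#   $1 = first rule number  $2 = action  $3 = interface for "in via"
# Actions: "deny" drops silently; "unreach host" sends an ICMP unreachable
# and "reset" a TCP RST, so the sender gives up instead of retrying.
emit_rules() {
    n=$1; action=$2; iface=$3
    while read -r a; do
        printf 'add %s %s ip from %s to me in via %s\n' "$n" "$action" "$a" "$iface"
        n=$((n + 1))
    done
}

# Compare the address list the rules were built from ($1) with what the name
# resolves to now ($2); both files sorted, one address per line.
# "+addr": resolves now but was never loaded; "-addr": loaded, no longer
# resolves. Any output means the ruleset no longer matches the name.
dns_drift() {
    comm -13 "$1" "$2" | sed 's/^/+/'
    comm -23 "$1" "$2" | sed 's/^/-/'
}

# Constructed host(1) output for a made-up name at rule-load time ...
LOAD_TIME='bad.example.net has address 203.0.113.10
bad.example.net has address 203.0.113.11'
# ... and for the same name later, after its A records changed.
LATER='bad.example.net has address 203.0.113.11
bad.example.net has address 198.51.100.7'

tmpd=$(mktemp -d); trap 'rm -rf "$tmpd"' EXIT
printf '%s\n' "$LOAD_TIME" | addrs_from_host_output > "$tmpd/loaded"
printf '%s\n' "$LATER"     | addrs_from_host_output > "$tmpd/current"

echo '# what "deny ip from bad.example.net to me" expanded to when loaded:'
emit_rules 1000 "unreach host" em0 < "$tmpd/loaded"
echo '# DNS drift since then (nothing printed = still in sync):'
dns_drift "$tmpd/loaded" "$tmpd/current"
```

To use it for real, replace the constructed strings with `host -t A name` run at load time and again from cron; a "+" line is an address the firewall never saw, a "-" line is one it still blocks although the name has moved elsewhere. That is exactly the "DNS configures your firewall" problem from the first reply, made visible instead of silent.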

Haven't installed it. What does it do for me in this instance?

Bob Melson

Reply to
Robert Melson

You can proxy web traffic through it and block on numerous criteria other than ip. For instance you could set up the firewall like this:


allow tcp from to any 80 keep-state
deny tcp from to any 80

Now, all web traffic will be forced to use the squid proxy to reach the web. You can have a look at the manual to find out what criteria you can filter on. It's easy to set up and kinda fun to toy with. It's got http anonymizer features and all kinds of other stuff. Warning: proxies will screw up NTLM authentication.

Reply to

Ah, so. Thanks, I'll take a look. I had visualized it as something of a load balancer for webservers and little else.

My principal reason for starting this thread is that my webserver is being plagued with xmlrpc exploits, among other things. Fortunately, all have been stopped by access rules in my httpd.conf, but I'm becoming annoyed and would just as soon stop the attempts at the door, so to speak, rather than have 'em get as far as the webserver.

Thanks again.

Bob Melson

Reply to
Robert Melson
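Stopping the probes "at the door" does not need hostnames at all: the addresses are already in the web server's own log. The script below is an added example, not code from the thread: it counts requests for an xmlrpc path per client in an Apache log and emits ipfw commands for the repeat offenders. Everything specific is assumed, since the thread does not say: combined log format, a path containing "xmlrpc", the outside interface em0, an unused ipfw lookup table 1 (tables were added in FreeBSD 5.3; check `ipfw table` in your ipfw(8)), and the log lines themselves are constructed.

```sh
#!/bin/sh
# Added example (not from the thread): pick the source addresses of repeated
# XML-RPC probes out of an Apache access log and turn them into ipfw(8)
# commands, so the next attempt is refused by the packet filter instead of by
# an httpd.conf access rule. Assumptions (the thread states none of them):
# combined log format, probes target a path containing "xmlrpc", ipfw lookup
# tables are available (added in FreeBSD 5.3), table 1 is unused, and the
# outside interface is em0. The log lines are constructed.

LOG='203.0.113.10 - - [02/Dec/2005:10:00:01 -0600] "POST /xmlrpc.php HTTP/1.0" 403 212 "-" "Mozilla/4.0"
203.0.113.10 - - [02/Dec/2005:10:00:03 -0600] "POST /xmlrpc.php HTTP/1.0" 403 212 "-" "Mozilla/4.0"
198.51.100.7 - - [02/Dec/2005:10:01:17 -0600] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.7 - - [02/Dec/2005:10:01:19 -0600] "POST /blog/xmlrpc.php HTTP/1.1" 403 212 "-" "Mozilla/5.0"
192.0.2.33 - - [02/Dec/2005:10:02:00 -0600] "GET /about.html HTTP/1.1" 200 512 "http://example.org/xmlrpc.php" "curl/7.15"'

# Print, sorted, every client that requested an xmlrpc path at least $1 times
# (default 1). Only the request path (field 7 in combined format) is tested,
# so an "xmlrpc" in the referrer or user agent does not get anyone blocked.
xmlrpc_sources() {
    min=${1:-1}
    awk -v min="$min" '$7 ~ /xmlrpc/ { hits[$1]++ }
        END { for (a in hits) if (hits[a] >= min) print a }' | sort
}

# Turn addresses on stdin into "table N add" lines, in the file syntax that
# "ipfw -q rulefile" accepts. $1 = table number.
block_list() {
    while read -r a; do
        printf 'table %s add %s\n' "$1" "$a"
    done
}

# The single rule that consults the table; refilling the table later does not
# touch the rule. "reset" instead of "deny" would answer the probe with a RST.
# $1 = table number, $2 = interface.
table_rule() {
    printf 'add 900 deny tcp from table(%s) to me 80 in via %s\n' "$1" "$2"
}

echo '# clients that probed xmlrpc at least twice:'
printf '%s\n' "$LOG" | xmlrpc_sources 2
echo '# commands to load (save to a file and run: ipfw -q thatfile):'
printf '%s\n' "$LOG" | xmlrpc_sources 2 | block_list 1
table_rule 1 em0
```

The threshold is the important knob: one hit on an xmlrpc URL can be a legitimate client, two or more in a short window is a scanner, and a firewall rule keyed on the log is only as good as the care taken not to block your own users. Add the table rule once, then rerun the script from cron against the live log to keep the table topped up.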

It would help to reverse-proxy the web server through squid. That way, attackers will be attacking the proxy and not the web server.

Reply to

This is a misunderstanding. A domain is not a region in the network or something like that. It's just a name space.

Yours, VB.

Reply to
Volker Birk


Yeah. I had not thought things through when I posted my initial query. I appreciate you taking the time to post your reply, but have come to realize that what I'd _like_ to do is just not possible. Best I can hope for is either ipaddr/mask or ipaddr:netmask.

Thanks for taking the time to read and reply, I appreciate it.

Friendly greetings from Texas (current home of the Luftwaffe Air Defense School)

Bob Melson

Reply to
Robert Melson