Lofland bLOG

Ideas for rules to block adds in an OpenBSD PF firewall:

(These are just ripped from google searches, put them in Google and you will find the real author, I did NOT write these.)

EXAMPLE 1:
# Tables: define large lists of host or network addresses for efficiency
table  persist const { 216.73.80.0/20 } # nasty hobbitses

# block doubleclick
block in  quick on $ext_if inet from  to any
block out quick on $ext_if inet from ($ext_if) to 

EXAMPLE 2:
doubleclick = “204.253.104.0/24, 205.138.3.0/24, 206.65.183.0/24,
208.184.29.0/24 ” # Doubleclick Ad-Server

block out quick on $ext from any to $doubleclick

block in quick on $ext from $doubleclick to any

EXAMPLE 3:
table  persist { \
216.73.80.0/20, \
204.253.104.0/24, \
205.138.3.0/24, \
208.184.29.0/24 \
}

table  persist { \
2.23.190.0/24, \
65.247.105.0/24, \
65.215.137.0/24 \
}

# deny pop ads
block in  quick on $ext_if from any to { ,  }
block out quick on $ext_if from { ,  } to any