code: fqa.9front.org


ref: 3957ccab38bab2919555a824a1f83945a69cee25
parent: a92d8007858a16630bbedc121417aae2db30e491
author: sl <sl@9front>
date: Tue Jul 30 22:57:02 EDT 2024

fqa.ms, fqa6.ms: add 6.3.*

--- a/fqa.ms
+++ b/fqa.ms
@@ -903,6 +903,18 @@
 6.3 - How do I filter and firewall with 9front?
 .ihtml a
 
+.ihtml a <a href="fqa6.html#6.3.1">
+6.3.1 - Blackhole routes with null device
+.ihtml a
+
+.ihtml a <a href="fqa6.html#6.3.2">
+6.3.2 - Block traffic with aux/dial
+.ihtml a
+
+.ihtml a <a href="fqa6.html#6.3.2.1">
+6.3.2.1 - aux/dial scripted blocklist
+.ihtml a
+
 .ihtml a <a href="fqa6.html#6.4">
 6.4 - Dynamic Host Configuration Protocol (DHCP)
 .ihtml a
--- a/fqa6.ms
+++ b/fqa6.ms
@@ -713,7 +713,7 @@
 .R
 .ihtml h3
 .P1
-% cat /net/ndb
+; cat /net/ndb
 ip=192.168.0.31 ipmask=255.255.255.0 ipgw=192.168.0.1
 	sys=x301
 	dom=x301.9front
@@ -728,7 +728,7 @@
 .R
 .ihtml h4
 .P1
-% cat /net/iproute
+; cat /net/iproute
 0.0.0.0         /96  192.168.0.1     4    none   -
 192.168.0.0     /120 192.168.0.0     4i   ifc    0
 192.168.0.0     /128 192.168.0.0     4b   ifc    -
@@ -793,7 +793,70 @@
 .R
 .ihtml h2
 
-No.
+.html - <a name="6.3.1" />
+.ihtml h3 <h3>
+.SH
+6.3.1 - Blackhole routes with null device
+.R
+.ihtml h3
+
+Create a null device with a junk IP address (don't use this network for anything else):
+.P1
+; ip/ipconfig null /dev/mordor 192.69.69.69 255.255.255.0
+.P2
+
+Route unwanted traffic to the null device:
+.P1
+; echo 'add 47.128.0.0 255.252.0.0 192.69.69.69' >/net/iproute
+.P2
+
+Read:
+.ihtml a <a href="http://man.9front.org/3/ip">
+.CW ip(3) ,
+.ihtml a
+.ihtml a <a href="http://man.9front.org/8/ipconfig">
+.CW ipconfig(8)
+.ihtml a
+
+.html - <a name="6.3.2" />
+.ihtml h3 <h3>
+.SH
+6.3.2 - Block traffic with aux/dial
+.R
+.ihtml h3
+
+Immediately hangup on unwanted addresses:
+.P1
+; aux/dial -e -o hangup 'ipmux!ver=4;src=47.128.0.0&255.252.0.0' rc -c 'echo 0 > /srv/blocked.47.128'
+.P2
+
+To remove the block:
+.P1
+; rm /srv/blocked.47.128
+.P2
+
+Read:
+.ihtml a <a href="http://man.9front.org/3/ip">
+.CW ip(3) ,
+.ihtml a
+.ihtml a <a href="http://man.9front.org/1/dial">
+.CW dial(1)
+.ihtml a
+
+.html - <a name="6.3.2.1" />
+.ihtml h3 <h3>
+.SH
+6.3.2.1 - aux/dial scripted blocklist
+.R
+.ihtml h3
+
+Persistent crawlers suck. A casually updated blocklist is maintained in script form here:
+.ihtml a <a href="http:/plan9.stanleylieber.com/rc/nipmux">
+http://plan9.stanleylieber.com/rc/nipmux
+.ihtml a
+
+.B Note:
+It's probably too aggressive.
 
 .html - <a name="6.4" />
 .ihtml h2 <h2>
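Review bot: The href added for the blocklist script in 6.3.2.1 reads `http:/plan9.stanleylieber.com/rc/nipmux`, with a single slash after the scheme, so the rendered link will probably not resolve to the host shown in the link text. It should be `.ihtml a <a href="http://plan9.stanleylieber.com/rc/nipmux">`. Because the section points readers at a script to run on their own machine and the link is plain HTTP, the closing note could say so directly, for example `Read the script before running it; it's probably too aggressive.` In 6.3.1, 192.69.69.69 does not appear to be in a reserved range, so binding it to the null device would also blackhole any legitimate traffic to that /24. A documentation range such as 192.0.2.0/24 (RFC 5737) would avoid that side effect.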