Subject: Re: Using ipfw
To: Mark Yovorsky <myov@vex.net>
From: Andrew Doran <ad@interlude.eu.org>
List: netbsd-help
Date: 12/31/2001 23:57:45

Mark Yovorsky <myov@vex.net> wrote:

> I'm not sure if this is the right place for this, but I didn't see 
> another list for firewalls.

netbsd-help@netbsd.org is more appropriate for this kind of query.
 
> I'm in the process of moving my firewall from ipchains on a Linux 
> machine to ipfw on a NetBSD machine.

ipfw is part of FreeBSD. I think you mean to say ipfilter. :-)
 
> In my ipchains firewall, when I block a host completely, I add it to a 
> custom "banned" chain (which then DENY's the ip), rather than using a 
> DENY rule. I do this so that I can tell what was blocked - the specific 
> port or the entire ip.
> 
> Is there a way to do this in ipfw (create custom firewall targets)?

Have a look at this - it should explain most if not all of what you need to
know about ipfilter.

	http://www.obfuscation.org/ipf/ipf-howto.txt

Andrew