Subject: Re: Using ipfw
To: Mark Yovorsky <myov@vex.net>
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
List: tech-security
Date: 01/01/2002 13:46:10
>>>>> "Mark" == Mark Yovorsky <myov@vex.net> writes:
    Mark> I'm in the process of moving my firewall from ipchains on a Linux 
    Mark> machine to ipfw on a NetBSD machine.

    Mark> In my ipchains firewall, when I block a host completely, I add it to a 
    Mark> custom "banned" chain (which then DENY's the ip), rather than using a 
    Mark> DENY rule. I do this so that I can tell what was blocked - the specific 
    Mark> port or the entire ip.

  There is only one list in ipf. You can certainly block (with log if you
like) specific hosts. If you log them, then the rule number which caused the
block/log will appear in the syslog output.

]       ON HUMILITY: to err is human. To moo, bovine.           |  firewalls  [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [
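As an added illustration of the approach in the reply above (this is not part of the original message or of the ipf/ipmon sources), the following script shows how the rule number that ipmon(8) logs as `@group:rule` maps back to a line in ipf.conf, so that a "banned host" rule and a "blocked port" rule can be told apart after the fact. The ipf.conf fragment and the ipmon syslog lines are constructed for the example; the script assumes the classic ipmon line layout (`@0:3 b src,port -> dst,port PR proto ... IN`) and that ipf numbers rules per group and per direction in the order they are loaded.

```python
"""
Map ipmon(8) block/pass log lines back to the ipf rule that produced them.
Everything below is a constructed example, not code from the mailing-list
message or from the IPFilter project.
"""
import re
from collections import Counter

# Constructed ipf.conf fragment. Every rule is inbound and in the default
# group 0, so ipf numbers them 1..5 in this order (assumption about numbering).
IPF_CONF = """\
# whole-host bans, logged so the rule number shows up in syslog
block in log quick on le0 from 192.0.2.10 to any
block in log quick on le0 from 192.0.2.11 to any
# per-service blocks
block in log quick on le0 proto tcp from any to any port = 23
block in log quick on le0 proto tcp from any to any port = 111
pass in quick on le0 all
"""

# Constructed ipmon output as it would be written by syslogd.
IPMON_LOG = """\
Jan  1 13:40:01 fw ipmon[123]: 13:40:01.112233 le0 @0:1 b 192.0.2.10,4321 -> 198.51.100.1,22 PR tcp len 20 60 -S IN
Jan  1 13:40:05 fw ipmon[123]: 13:40:05.445566 le0 @0:3 b 203.0.113.7,1025 -> 198.51.100.1,23 PR tcp len 20 60 -S IN
Jan  1 13:40:09 fw ipmon[123]: 13:40:09.778899 le0 @0:1 b 192.0.2.10,4322 -> 198.51.100.1,80 PR tcp len 20 60 -S IN
Jan  1 13:40:12 fw ipmon[123]: 13:40:12.001122 le0 @0:4 b 203.0.113.9,2048 -> 198.51.100.1,111 PR udp len 20 48 IN
"""

# "@group:rule action src,sport -> dst,dport PR proto ... IN|OUT"
LOG_RE = re.compile(
    r"@(?P<group>\d+):(?P<rule>\d+) (?P<action>[bp]) "
    r"(?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR (?P<proto>\w+) .*\b(?P<dir>IN|OUT)$"
)


def load_rules(conf):
    """Return {(group, direction, n): rule_text}, numbering rules the way
    ipf does: per group, per direction, in load order (assumption)."""
    rules = {}
    counters = Counter()
    for line in conf.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        direction = tokens[1].upper()           # "in"/"out" -> "IN"/"OUT"
        group = "0"
        if "group" in tokens:                   # member of "group N"
            group = tokens[tokens.index("group") + 1]
        counters[(group, direction)] += 1
        rules[(group, direction, counters[(group, direction)])] = line
    return rules


def classify(rule_text):
    """Whole-host ban versus port-specific block, judged from the rule text."""
    return "port" if " port " in rule_text else "host"


def explain(log, rules):
    """Join each logged packet with the rule text its @group:rule points at."""
    out = []
    for line in log.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        key = (m["group"], m["dir"], int(m["rule"]))
        rule_text = rules.get(key, "<unknown rule>")
        out.append({
            "rule": int(m["rule"]),
            "action": "block" if m["action"] == "b" else "pass",
            "src": m["src"], "dst": m["dst"], "dport": int(m["dport"]),
            "proto": m["proto"],
            "kind": classify(rule_text),
            "rule_text": rule_text,
        })
    return out


def blocks_by_rule(log, rules):
    """How many blocked packets each rule number accounts for."""
    return Counter(e["rule"] for e in explain(log, rules) if e["action"] == "block")


if __name__ == "__main__":
    rules = load_rules(IPF_CONF)
    for e in explain(IPMON_LOG, rules):
        print(f"@{e['rule']} {e['kind']:4} {e['src']} -> {e['dst']}:{e['dport']}"
              f"  ({e['rule_text']})")
    print(dict(blocks_by_rule(IPMON_LOG, rules)))
```

The lookup is only as good as the numbering: inserting a rule in ipf.conf renumbers everything after it, so the mapping has to be rebuilt from the exact file that was loaded (ipfstat -in prints the live inbound list with its numbers). Rules that go in or out also live in separate lists, which is why the key carries the IN/OUT direction ipmon appends to each line.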