Hello, I am using ipfw on FreeBSD 7.2, 32-bit.

My ipfw.rules:

    IPF="ipfw -q add"
    ipfw -q -f flush
    #P2P FiXX
    $IPF 4 allow all from 94.102.0.120 to any 12001
    $IPF 5 allow all from 127.0.0.0/8 to any 12001
    $IPF 6 deny all from any to me 12001
    $IPF 7 allow all from 94.102.0.120 to any 14000
    $IPF 8 allow all from 127.0.0.0/8 to any 14000
    $IPF 9 deny all from any to me 14000
    $IPF 10 allow all from 94.102.0.120 to any 14001
    $IPF 11 allow all from 127.0.0.0/8 to any 14001
    $IPF 12 deny all from any to me 14001
    $IPF 13 allow all from 94.102.0.120 to any 14002
    $IPF 14 allow all from 127.0.0.0/8 to any 14002
    $IPF 15 deny all from any to me 14002
    $IPF 16 allow all from 94.102.0.120 to any 14003
    $IPF 17 allow all from 127.0.0.0/8 to any 14003
    $IPF 18 deny all from any to me 14003
    $IPF 19 allow all from 94.102.0.120 to any 14004
    $IPF 20 allow all from 127.0.0.0/8 to any 14004
    $IPF 21 deny all from any to me 14004
    $IPF 22 allow all from 94.102.0.120 to any 14061
    $IPF 23 allow all from 127.0.0.0/8 to any 14061
    $IPF 24 deny all from any to me 14061
    $IPF 25 allow all from 94.102.0.120 to any 14099
    $IPF 26 allow all from 127.0.0.0/8 to any 14099
    $IPF 27 deny all from any to me 14099
    $IPF 28 allow all from 94.102.0.120 to any 17000
    $IPF 29 allow all from 127.0.0.0/8 to any 17000
    $IPF 30 deny all from any to me 17000
    $IPF 31 allow all from 94.102.0.120 to any 17001
    $IPF 32 allow all from 127.0.0.0/8 to any 17001
    $IPF 33 deny all from any to me 17001
    $IPF 34 allow all from 94.102.0.120 to any 17002
    $IPF 35 allow all from 127.0.0.0/8 to any 17002
    $IPF 36 deny all from any to me 17002
    $IPF 37 allow all from 94.102.0.120 to any 17003
    $IPF 38 allow all from 127.0.0.0/8 to any 17003
    $IPF 39 deny all from any to me 17003
    $IPF 40 allow all from 94.102.0.120 to any 17004
    $IPF 41 allow all from 127.0.0.0/8 to any 17004
    $IPF 42 deny all from any to me 17004
    $IPF 43 allow all from 94.102.0.120 to any 17061
    $IPF 44 allow all from 127.0.0.0/8 to any 17061
    $IPF 45 deny all from any to me 17061
    $IPF 46 allow all from 94.102.0.120 to any 17099
    $IPF 47 allow all from 127.0.0.0/8 to any 17099
    $IPF 48 deny all from any to me 17099
    $IPF 49 allow all from 94.102.0.120 to any 19000
    $IPF 50 allow all from 127.0.0.0/8 to any 19000
    $IPF 51 deny all from any to me 19000
    $IPF 52 allow all from 94.102.0.120 to any 19001
    $IPF 53 allow all from 127.0.0.0/8 to any 19001
    $IPF 54 deny all from any to me 19001
    $IPF 55 allow all from 94.102.0.120 to any 19002
    $IPF 56 allow all from 127.0.0.0/8 to any 19002
    $IPF 57 deny all from any to me 19002
    $IPF 58 allow all from 94.102.0.120 to any 19003
    $IPF 59 allow all from 127.0.0.0/8 to any 19003
    $IPF 60 deny all from any to me 19003
    $IPF 61 allow all from 94.102.0.120 to any 19004
    $IPF 62 allow all from 127.0.0.0/8 to any 19004
    $IPF 63 deny all from any to me 19004
    $IPF 64 allow all from 94.102.0.120 to any 19061
    $IPF 65 allow all from 127.0.0.0/8 to any 19061
    $IPF 66 deny all from any to me 19061
    $IPF 67 allow all from 94.102.0.120 to any 19099
    $IPF 68 allow all from 127.0.0.0/8 to any 19099
    $IPF 69 deny all from any to me 19099
    $IPF 70 allow all from 94.102.0.120 to any 21000
    $IPF 71 allow all from 127.0.0.0/8 to any 21000
    $IPF 72 deny all from any to me 21000
    $IPF 73 allow all from 94.102.0.120 to any 21001
    $IPF 74 allow all from 127.0.0.0/8 to any 21001
    $IPF 75 deny all from any to me 21001
    $IPF 76 allow all from 94.102.0.120 to any 21002
    $IPF 77 allow all from 127.0.0.0/8 to any 21002
    $IPF 78 deny all from any to me 21002
    $IPF 79 allow all from 94.102.0.120 to any 21003
    $IPF 80 allow all from 127.0.0.0/8 to any 21003
    $IPF 81 deny all from any to me 21003
    $IPF 82 allow all from 94.102.0.120 to any 21004
    $IPF 83 allow all from 127.0.0.0/8 to any 21004
    $IPF 84 deny all from any to me 21004
    $IPF 85 allow all from 94.102.0.120 to any 21061
    $IPF 86 allow all from 127.0.0.0/8 to any 21061
    $IPF 87 deny all from any to me 21061
    $IPF 88 allow all from 94.102.0.120 to any 21099
    $IPF 89 allow all from 127.0.0.0/8 to any 21099
    $IPF 90 deny all from any to me 21099
    $IPF 91 allow all from 94.102.0.120 to any 15001
    $IPF 92 allow all from 127.0.0.0/8 to any 15001
    $IPF 93 deny all from any to me 15001
    $IPF 200 allow tcp from any to any 11002 in
    $IPF 210 allow tcp from any to any 11002 out
    $IPF 200 allow udp from any to any 11002 in
    $IPF 210 allow udp from any to any 11002 out
    $IPF 200 allow tcp from any to any 13000 in
    $IPF 210 allow tcp from any to any 13000 out
    $IPF 200 allow tcp from any to any 13001 in
    $IPF 210 allow tcp from any to any 13001 out
    $IPF 200 allow tcp from any to any 13002 in
    $IPF 210 allow tcp from any to any 13002 out
    $IPF 200 allow tcp from any to any 13003 in
    $IPF 210 allow tcp from any to any 13003 out
    $IPF 200 allow tcp from any to any 13004 in
    $IPF 210 allow tcp from any to any 13004 out
    $IPF 200 allow tcp from any to any 13061 in
    $IPF 210 allow tcp from any to any 13061 out
    $IPF 200 allow tcp from any to any 13099 in
    $IPF 210 allow tcp from any to any 13099 out
    # Standard rules
    $IPF 10000 allow all from any to any via lo0
    $IPF 20000 deny all from any to 127.0.0.0/8
    $IPF 30000 deny all from 127.0.0.0/8 to any
    #$IPF 30000 deny all from ant to me 16000
    $IPF 40000 allow all from any to any

My netstat -an:

    Active Internet connections (including servers)
    Proto Recv-Q Send-Q Local Address        Foreign Address        (state)
    tcp4  0      0      94.102.0.120.13000   78.179.205.187.57011   SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   78.179.205.187.56995   SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   78.171.108.121.4817    SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.246.114.134.4721    SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.86.165.1342     SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.86.165.1318     SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.86.165.1314     SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.86.165.1308     SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.86.165.1302     SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.86.165.1238     SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.86.165.1138     SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.86.165.1080     SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.86.165.1058     SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.86.165.1044     SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.86.165.1038     SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.86.165.5000     SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.86.165.4962     SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.86.165.4956     SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.86.165.4910     SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.86.165.4906     SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.243.168.92.1150     SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   95.10.246.185.22212    SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   95.10.246.185.22210    SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.241.135.0.4034      SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   85.98.121.56.32937     SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.5.4.60363       SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.5.4.60353       SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.5.4.60349       SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.5.4.60347       SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.5.4.60343       SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.5.4.60341       SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.5.4.60741       SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.5.4.60739       SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.5.4.60737       SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.5.4.60725       SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   88.226.5.4.60721       SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   95.10.222.91.1786      SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   95.10.222.91.1904      SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   95.10.222.91.1886      SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   78.184.192.60.1517     SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   78.179.205.187.57012   SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   78.189.17.248.1093     SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   78.189.17.248.1091     SYN_RCVD
    tcp4  0      0      94.102.0.120.13000   78.189.17.248.1089     SYN_RCVD
    more...

View attachment 13000_netstat.zip

Please help me.

Add the following to your /etc/ipfw.rules:

    $IPF 220 deny tcp from any to any 13000 in
    $IPF 230 deny udp from any to any 13000 in

Make sure your firewall is enabled:

    firewall_enable="YES"

and enable logging:

    firewall_logging="YES"

Save your rules, then run:

    sh /etc/ipfw.rules

and list your firewall rules with:

    ipfw list

I hope that helps.

Sorry, I forgot to say this: I have a game on my FreeBSD server. If I block port 13000 with ipfw, users can't join the game, so we can't block the port. We need to limit by IP or ban.

Can anybody help me with this problem?

    netstat -na | awk '{print $5}' | cut -f1,2,3,4 -d '.' | sort | uniq -c | sort -n

    # Append one rule per address seen in the foreign-address column of netstat
    for i in `netstat -na | awk '{print $5}' | cut -f1,2,3,4 -d '.' | sort | uniq -c | sort -n | awk -F" " '{print $2}'`; do echo "\$IPF 83 drop all from $i to any" >> /etc/ipfw.rules ; done

Check the syntax on that and verify the output of the echo in the loop by removing the append redirection part.

My rules:

    ipfw -q add allow tcp from any to me dst-port 80 out setup limit dst-port 5

This limits to a maximum of 5 connections at the same time for port 80.
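
The per-source counting that the replies above reach for, as an added example that is not part of any post in the thread: it counts only SYN_RCVD entries on one local port and proposes deny rules only for sources at or above a threshold, printing them for review instead of applying them. The function names, the sample netstat text (documentation addresses), the threshold 3 and the rule number 150 are assumptions.

```sh
#!/bin/sh
# Added example: review-only triage of half-open connections per source.

# count_half_open PORT: reads `netstat -an` text on stdin and prints
# "COUNT IP" for every remote address in SYN_RCVD on local PORT, busiest first.
count_half_open() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "SYN_RCVD" {
            n = split($4, l, ".")            # local  a.b.c.d.port
            m = split($5, r, ".")            # remote a.b.c.d.port
            if (n != 5 || m != 5 || l[5] != port) next
            c[r[1] "." r[2] "." r[3] "." r[4]]++
        }
        END { for (ip in c) print c[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# emit_rules PORT MIN RULENUM: prints one ipfw command per source that has at
# least MIN half-open connections. RULENUM is an assumption chosen by the caller.
emit_rules() {
    count_half_open "$1" | awk -v port="$1" -v min="$2" -v num="$3" '
        $1 >= min {
            printf "ipfw -q add %s deny tcp from %s to me %s in\n", num, $2, port
        }'
}

# Constructed sample in FreeBSD `netstat -an` layout (documentation addresses).
SAMPLE='Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 192.0.2.10.13000       198.51.100.7.1302      SYN_RCVD
tcp4       0      0 192.0.2.10.13000       198.51.100.7.1308      SYN_RCVD
tcp4       0      0 192.0.2.10.13000       198.51.100.7.1314      SYN_RCVD
tcp4       0      0 192.0.2.10.13000       203.0.113.5.4721       SYN_RCVD
tcp4       0      0 192.0.2.10.13000       203.0.113.9.50211      ESTABLISHED
tcp4       0      0 192.0.2.10.80          198.51.100.7.1400      SYN_RCVD
tcp4       0      0 *.13000                *.*                    LISTEN'

# Print the per-source counts, then the rules that would be proposed.
printf '%s\n' "$SAMPLE" | count_half_open 13000
printf '%s\n' "$SAMPLE" | emit_rules 13000 3 150
```

ipfw stops at the first matching rule, so a generated deny has to carry a number lower than the thread's rule 200, which allows TCP to port 13000. If the SYN packets carry spoofed source addresses, no single source will stand out and per-source rules will not help.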