your thoughts on a particualar ipfw action.
Michael Sierchio
kudzu at tenebras.com
Tue Aug 2 15:02:46 UTC 2016
On Tue, Aug 2, 2016 at 1:08 AM, Julian Elischer <julian at freebsd.org> wrote:
>
> A recent addition to our armory is the geoip program that, given an
> address can tell you what country it is in and given a country code, can
> give an ipfw table that describes all the ip addresses in that country.
>
>
I look forward to getting acquainted with the new features, but I have an
observation - a database of networks by country is not invariably a
geographic database. If you were to look at IP allocations in the
Caribbean, or other overseas territories of the Netherlands, France, etc.
you'd see what I mean. There's even a bit of FR in North America,
Saint-Pierre & Miquelon.
It works pretty well for excluding North Korea, Afghanistan, Yemen,
Somalia, etc. but can sometimes be confusing.
--
"Well," Brahma said, "even after ten thousand explanations, a fool is no
wiser, but an intelligent man requires only two thousand five hundred."
- The Mahābhārata
More information about the freebsd-ipfw
mailing list