PF and GeoIP to update country table?
Abdullah Ibn Hamad Al-Marri
almarrie at gmail.com
Wed May 9 09:01:36 UTC 2007
On 5/9/07, Miroslav Lachman <000.fbsd at quip.cz> wrote:
> Abdullah Ibn Hamad Al-Marri wrote:
> > Hello,
> >
> > I would like to use GeoIP db and update the country db rule, then make
> > the pf to read the db, and allow certian contries to connect to the
> > web server.
> >
> > Is this possible?
>
> Yes, I am using it.
>
> Just download and uncompress the CSV GeoIP version and do something like
> this (example for Czech Republic IPs):
>
> grep Czech GeoIPCountryWhois.csv | awk 'BEGIN { FS="," } { print $1"-"$2
> }' | sed 's/"//g' | tableutil -q text > /etc/pf.czech_net.table
>
> tableutil is from ports (net/tableutil)
>
> So all Czech IPs are in /etc/pf.czech_net.table which is loaded in to
> pf.conf byt this line:
> table <czech_net> persist file "/etc/pf.czech_net.table"
> Then you can do what ever you whant with these IP addresses (block /
> pass / redirect...)
>
> Miroslav Llachman
Thanks for your help this really great!, you made my day :)
I was also surfing the net and found this interesting Debian HOWTO
http://www.debian-administration.org/articles/518
Another question, how about the update per month? do I need to kill pf
and run it again? or a crontab would do the trick and update the IPs?
--
Regards,
-Abdullah Ibn Hamad Al-Marri
Arab Portal
http://www.WeArab.Net/
More information about the freebsd-pf
mailing list