PF and GeoIP to update country table?

Miroslav Lachman 000.fbsd at quip.cz
Wed May 9 09:11:56 UTC 2007


Abdullah Ibn Hamad Al-Marri wrote:
> Hello,
> 
> I would like to use GeoIP db and update the country db rule, then make
> the pf to read the db, and allow certain countries to connect to the
> web server.
> 
> Is this possible?

Yes, I am using it.

Just download and uncompress the CSV GeoIP version and do something like 
this (example for Czech Republic IPs):

grep Czech GeoIPCountryWhois.csv | awk 'BEGIN { FS="," } { print $1"-"$2 }' | sed 's/"//g' | tableutil -q text > /etc/pf.czech_net.table

tableutil is from ports (net/tableutil)

So all Czech IPs are in /etc/pf.czech_net.table which is loaded into 
pf.conf by this line:
table <czech_net> persist file "/etc/pf.czech_net.table"
Then you can do whatever you want with these IP addresses (block / 
pass / redirect...)

Miroslav Lachman
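
Added example, not part of the original post: the same CSV-to-table step done with Python's standard library instead of grep/awk/sed/tableutil, matching the country code column exactly and collapsing adjacent ranges into CIDR blocks that a pf table file accepts. The column layout (start IP, end IP, two integer columns, country code, country name), the function names and the sample rows are assumptions; the rows are constructed from documentation address ranges.

```python
import csv
import io
import ipaddress

# Constructed sample rows, assuming the layout:
# start IP, end IP, start int, end int, country code, country name
SAMPLE_CSV = '''"192.0.2.0","192.0.2.255","3221225984","3221226239","CZ","Czech Republic"
"198.51.100.0","198.51.100.127","3325256704","3325256831","CZ","Czech Republic"
"198.51.100.128","198.51.100.255","3325256832","3325256959","CZ","Czech Republic"
"203.0.113.0","203.0.113.9","3405803776","3405803785","SK","Slovakia"
"203.0.113.10","203.0.113.20","3405803786","3405803796","CZ","Czech Republic"
"not-an-ip","203.0.113.30","0","0","CZ","Czech Republic"
'''


def country_cidrs(csv_text, country_code):
    """Return the sorted, collapsed CIDR blocks for one country code."""
    nets = []
    for row in csv.reader(io.StringIO(csv_text)):
        # Match the code column exactly instead of grepping the whole line,
        # so a substring elsewhere in the row cannot pull in other ranges.
        if len(row) < 6 or row[4] != country_code:
            continue
        try:
            first = ipaddress.IPv4Address(row[0])
            last = ipaddress.IPv4Address(row[1])
            # A start-end range may need several CIDR blocks to cover it.
            nets.extend(ipaddress.summarize_address_range(first, last))
        except ValueError:
            continue  # skip malformed or reversed ranges, never widen them
    # Merge adjacent blocks (two /25 halves become one /24).
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def render_table(cidrs):
    """Format the blocks one per line, as a pf table file expects."""
    return "".join(c + "\n" for c in cidrs)


if __name__ == "__main__":
    # Print to stdout; redirect to e.g. /etc/pf.czech_net.table
    print(render_table(country_cidrs(SAMPLE_CSV, "CZ")), end="")
```

After regenerating the file, pfctl -t czech_net -T replace -f /etc/pf.czech_net.table reloads the table without reloading the whole ruleset.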



More information about the freebsd-pf mailing list