On 5/08/2016 2:22 AM, Dr. Rolf Jansen wrote:
I am completely free of passions on this CC encoding thingy. I won't use this
feature anyway. Please, may I suggest that the experts of the ipfw community
come to an agreement, and I then I will change the implementation accordingly.
Another possibility could be to attach the desired rule numbers directly to the
country codes in the argument of the -t option, How about:
geoip -t AU=50000:RU=50010:US=50020:BR=50030
The present behaviour would be kept without attached numbers. Please let me
know your choices. Furthermore, if the new ipfw allows for more sophisticated
table construction directives, that could be beneficial for country code based
table processing, please advice.
Which has a munimum value of 0 (AA) and maximum of 25 * 26 + 25 = 675,
so at a spacing of 10 (less would do, but room for at least a couple in
between for patching) is a much smaller range of 0 .. 6750, plus offset,
potentially less if step size were also optional.
I will be ready to change the encoding scheme to anything on which the
community will have been agreed upon.
I think you very first idea is best
geoip -t AU:US:DE -n ${GEO_TABLE} -v ${ALLOW_VALUE} |ipfw -q /dev/stdin
we can embed that into scripts any way we want.
let's call this "done", drop it into a port and get onto more
productive things..
thanks for all the work and I already have a use for this in my home
network..
My "home" network spreads over 2 continents with VPNs etc and I
sometimes want to make sure that reaching certain sites only happens
from the exit point near the destination, due to geo blocking. I think
using geo-ip to sidestep geo blocking will be a perfect use.
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "[email protected]"
