On 5/9/07, Miroslav Lachman <[EMAIL PROTECTED]> wrote:
Abdullah Ibn Hamad Al-Marri wrote: > Hello, > > I would like to use GeoIP db and update the country db rule, then make > the pf to read the db, and allow certian contries to connect to the > web server. > > Is this possible?Yes, I am using it. Just download and uncompress the CSV GeoIP version and do something like this (example for Czech Republic IPs): grep Czech GeoIPCountryWhois.csv | awk 'BEGIN { FS="," } { print $1"-"$2 }' | sed 's/"//g' | tableutil -q text > /etc/pf.czech_net.table tableutil is from ports (net/tableutil) So all Czech IPs are in /etc/pf.czech_net.table which is loaded in to pf.conf byt this line: table <czech_net> persist file "/etc/pf.czech_net.table" Then you can do what ever you whant with these IP addresses (block / pass / redirect...) Miroslav Llachman
Thanks for your help this really great!, you made my day :) I was also surfing the net and found this interesting Debian HOWTO http://www.debian-administration.org/articles/518 Another question, how about the update per month? do I need to kill pf and run it again? or a crontab would do the trick and update the IPs? -- Regards, -Abdullah Ibn Hamad Al-Marri Arab Portal http://www.WeArab.Net/ _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[EMAIL PROTECTED]"
