I do an ipsett. I failed to mention that. As list is way, way too slow.
I can agree a whole country is over kill, but I don't know anyone in Bhutan, and I have a full closet of Viagra. :-) --john John R. Hill Director Of Technologies 812-314-8920 option #3 -----Original Message----- From: Tom Eastep [mailto:[email protected]] Sent: Friday, January 06, 2012 10:22 AM To: [email protected]; Shorewall Users Subject: Re: [Shorewall-users] Blocking countries with shorewall On Fri, 2012-01-06 at 12:34 +0100, Timothy Murphy wrote: > > I'd be very interested to know if Tom Eastep approves or disapproves > of this script ... Personally, I disapprove of the whole concept of country blocking but that's just my personal opinion. If I were to implement country blocking, I would use an ipset rather than a long chain of blacklist rules. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________ ------------------------------------------------------------------------------ Ridiculously easy VDI. With Citrix VDI-in-a-Box, you don't need a complex infrastructure or vast IT resources to deliver seamless, secure access to virtual desktops. With this all-in-one solution, easily deploy virtual desktops for less than the cost of PCs and save 60% on VDI infrastructure costs. Try it free! http://p.sf.net/sfu/Citrix-VDIinabox _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
