Thank you.
2015-01-22 16:06 GMT-02:00 PGNd <[email protected]>:
>
> > > On 1/22/2015 12:45 PM, Orlandinei Vujanski wrote:
> > > How could I make the networks stay in a separate file by country?
>
> > On Thu, Jan 22, 2015, at 09:54 AM, Bill Shirley wrote:
> > Have you looked at GeoIP matching:
> > http://shorewall.net/ISO-3661.html
>
> iptables geomatch, though convenient, can get resource-expensive.
>
> more efficient alternative is to use ipset.
>
> if you know the networks already, or can easily download them, create &
> load the data in ipsets; whether a single ipset, or multiple per-country,
> is completely up to you.
>
> then in shorewall/conntrack DROP the ipsets in prerouting. e.g, I do
>
> /conntrack
>
> ?FORMAT 3
> ## IDS
> # IPSETS
> DROP:P EXT_IF:+GEO_BLOCK_IP -
> DROP:P EXT_IF:+GEO_BLOCK_NET -
>
>
>
> ------------------------------------------------------------------------------
> New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
> GigeNET is offering a free month of service with a new server in Ashburn.
> Choose from 2 high performing configs, both with 100TB of bandwidth.
> Higher redundancy.Lower latency.Increased capacity.Completely compliant.
> http://p.sf.net/sfu/gigenet
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
------------------------------------------------------------------------------
New Year. New Location. New Benefits. New Data Center in Ashburn, VA.
GigeNET is offering a free month of service with a new server in Ashburn.
Choose from 2 high performing configs, both with 100TB of bandwidth.
Higher redundancy.Lower latency.Increased capacity.Completely compliant.
http://p.sf.net/sfu/gigenet
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
