I'm kinda new on this - so your advice is greatly appreciated.
I am sure there is a better way - thus the reason for discussion :-)
I'm far from an expert ... my wife tells me I am not perfect either...
Boo Hiss :-)
My thought is - this community - which appears to be an excellent
resource of great people - will be able to help me become perfect -
and an expert.
(ok bad joke)
Anyhow - seeing what others are doing should help.
I am thinking /8 would be cruel - however if you're fine blocking that
entire region from your network - then who cares...
guess it's good for some and not good for others...
We for example colocate for a company based out of China...
We therefore would need to use these to actually allow traffic to
their IP Block
but want to block that traffic from the rest of our network...
On a side note - PIX eat your heart out.
I am running this on a Quad Core Xeon and ... it has zero load...
blowing the doors off of the pix running in line w/ it. had the
system sitting on the side... and voila - instant firewall
We also run Vyatta and man does that kick butt as well.
time to perhaps once we have this 100% put that puppy (pix) on eBay
Hats off to the m0n0wall and pfSense dev teams.
Glenn
On Sep 23, 2008, at 11:38 AM, Paul Mansfield wrote:
Claus Marxmeier wrote:
already doing that for hacker networks and spamlinkdests with 2
embedded pfsense from database in netsecdb.de
to use /8 would be a little bit tooo cruel, wouldn't it?
better yet, just look up the IP in apnic and if it's there, deny it
(and cache) :-)
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
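
The rule ordering discussed in this thread, as an added example that is not part of any poster's message: pass traffic to the colocated customer's block first, then deny sources found in a list of registry-delegated prefixes (with cached lookups), and compare that with a blanket /8. All prefixes are constructed from documentation ranges, and the names (REGION_PREFIXES, COLO_CUSTOMER_BLOCK, decide) are hypothetical.

```python
import ipaddress
from functools import lru_cache

# Constructed stand-ins for prefixes a regional registry lists as delegated.
REGION_PREFIXES = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("203.0.113.0/25"),
]
# Constructed: the colocated customer's block inside our own network.
COLO_CUSTOMER_BLOCK = ipaddress.ip_network("192.0.2.64/27")
# The blunt alternative: one /8 that happens to contain a listed prefix.
COARSE_BLOCK = ipaddress.ip_network("203.0.0.0/8")


@lru_cache(maxsize=65536)
def in_region(src: str) -> bool:
    """Look the source up in the delegated-prefix list; results are cached."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in REGION_PREFIXES)


def decide(src: str, dst: str, coarse: bool = False) -> str:
    """First match wins: customer exception, then region deny, then pass."""
    if ipaddress.ip_address(dst) in COLO_CUSTOMER_BLOCK:
        return "pass"  # customer must stay reachable from its home region
    if coarse:
        blocked = ipaddress.ip_address(src) in COARSE_BLOCK
    else:
        blocked = in_region(src)
    return "block" if blocked else "pass"


if __name__ == "__main__":
    flows = [
        ("203.0.113.10", "192.0.2.70"),   # listed source -> customer block
        ("203.0.113.10", "192.0.2.10"),   # listed source -> rest of network
        ("203.0.113.200", "192.0.2.10"),  # same /8, but not a listed prefix
    ]
    for src, dst in flows:
        print(src, "->", dst,
              "| per-prefix:", decide(src, dst),
              "| /8:", decide(src, dst, coarse=True))
```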