From owner-freebsd-ipfw@freebsd.org Tue Aug 2 15:02:46 2016 Return-Path: Delivered-To: freebsd-ipfw@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 31C88BAC1FB for ; Tue, 2 Aug 2016 15:02:46 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: from mailman.ysv.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 10FDA1234 for ; Tue, 2 Aug 2016 15:02:46 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: by mailman.ysv.freebsd.org (Postfix) id 1042ABAC1FA; Tue, 2 Aug 2016 15:02:46 +0000 (UTC) Delivered-To: ipfw@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0DAA2BAC1F9 for ; Tue, 2 Aug 2016 15:02:46 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: from mail-qk0-x22f.google.com (mail-qk0-x22f.google.com [IPv6:2607:f8b0:400d:c09::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C2FEC1232 for ; Tue, 2 Aug 2016 15:02:45 +0000 (UTC) (envelope-from kudzu@tenebras.com) Received: by mail-qk0-x22f.google.com with SMTP id s63so177356780qkb.2 for ; Tue, 02 Aug 2016 08:02:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tenebras-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=Ap+d9PO/xS/Ozi6Kk8Ty5is1MnKNC4HfYW9h6XGvcqE=; b=OXR51sZMo9CuMrFI/8OFuu7WXp4Bq1OPh/AyNI7BIUF3QAq7BvMk2Cn0mrnLiJNCwa /NwCSF6cMYgclf+zw8eKdFEAI68Gc0tS199/Nva+xZZJim/4LAmaLT2HTJNZ/riVYKIg fxX81djrjOYWHwsLneOh5HjFAoLQBmy0JcJMBpYq+zmtRXufezblDbUs60Vo1EIGAzTM vGpxNxTyg/y7QXrmZxO6BzJi/HV+b2G2uGSGkuEe4SKiy2abE3KVAMpAQ8FVY/0S0V0r JCiq/E/Xmi05WoGND65H2FjFyKqufiX0lF9gb5iB3FyRKyT7F1tbnVMEwL9UxD/6t3lS Ep6A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=Ap+d9PO/xS/Ozi6Kk8Ty5is1MnKNC4HfYW9h6XGvcqE=; b=iigIIPm4ohSlQ7W15o+shslhhUPs3Jomuudz3QC7j/pJB5ZMBAg7nGbtdSUigtQW0i pdgsVEVcSsmAouXrh5IORsb/T85nfMb4J3bxTlFO91YXCa7HoF1e0nOyC69pTEKOZvpw a/u/nPXf14nhEJzhYwoKoZJ9AoAbUiNvfFtMQF9doRiCD+68XsVPia5DLKt380qC9rKD 4LQf+FpEGWrFUyqtKDQhHs5+oGnfNBjQWRwSBab+JZLPg9TkAHFaLK9HfcZ5TrCcFsIS qajlJiLQfESjSrUMKUZH7F+InQP9dtMFrfYegNnamoQvVJUJs3DQ5qjVSIvkbTehn8Uv aWEQ== X-Gm-Message-State: AEkoouvjXoR+DCWBm391edY6Oil1a0M8/YgkuoFaYQBBX+V8Q2Sn7FOfacP5E6vJKABwYlHN/wB9eKM94DRf63Kd X-Received: by 10.55.4.133 with SMTP id 127mr78082907qke.207.1470150164873; Tue, 02 Aug 2016 08:02:44 -0700 (PDT) MIME-Version: 1.0 Received: by 10.200.39.249 with HTTP; Tue, 2 Aug 2016 08:02:44 -0700 (PDT) In-Reply-To: <7f573fc4-2820-ebd3-7b15-d8a1cd023372@freebsd.org> References: <7f573fc4-2820-ebd3-7b15-d8a1cd023372@freebsd.org> From: Michael Sierchio Date: Tue, 2 Aug 2016 08:02:44 -0700 Message-ID: Subject: Re: your thoughts on a particualar ipfw action. To: Julian Elischer , ipfw mailing list Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Aug 2016 15:02:46 -0000 On Tue, Aug 2, 2016 at 1:08 AM, Julian Elischer wrote: > > A recent addition to our armory is the geoip program that, given an > address can tell you what country it is in and given a country code, can > give an ipfw table that describes all the ip addresses in that country. > > I look forward to getting acquainted with the new features, but I have an observation - a database of networks by country is not invariably a geographic database. If you were to look at IP allocations in the Caribbean, or other overseas territories of the Netherlands, France, etc. you'd see what I mean. There's even a bit of FR in North America, Saint-Pierre & Miquelon. It works pretty well for excluding North Korea, Afghanistan, Yemen, Somalia, etc. but can sometimes be confusing. --=20 "Well," Brahma said, "even after ten thousand explanations, a fool is no wiser, but an intelligent man requires only two thousand five hundred." - The Mah=C4=81bh=C4=81rata