Date: Thu, 11 Aug 2016 21:06:03 +1000 (EST) From: Ian Smith <smithi@nimnet.asn.au> To: "Dr. Rolf Jansen" <rj@obsigna.com> Cc: freebsd-ipfw@freebsd.org Subject: Re: your thoughts on a particualar ipfw action. Message-ID: <20160811200425.F79687@sola.nimnet.asn.au> In-Reply-To: <9D024314-57A2-4079-B630-FB0D844DD5B5@obsigna.com> References: <20160805024301.H56585@sola.nimnet.asn.au> <B26AAEC0-593A-46D9-A22F-F6B4B78E7E8E@obsigna.com> <7486c7ce-49db-b6b9-a6bb-13f04b4ce6d6@freebsd.org> <F3D40C57-831D-4A7C-B84B-8DA34E4DC701@obsigna.com> <242DF6D8-4287-43BF-BE9F-CE1665D31ED2@obsigna.com> <9D024314-57A2-4079-B630-FB0D844DD5B5@obsigna.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 10 Aug 2016 -0300, Dr. Rolf Jansen wrote: (just curious: whereabouts is -0300? Brazil?) > > Am 08.08.2016 um 18:46 schrieb Dr. Rolf Jansen <rj@obsigna.com>: >> I am almost finished with preparing the tools for geo-blocking and >> geo-routing at the firewall for submission to the FreeBSD ports. >> I created a man file for the tools, see: >> https://cyclaero.github.io/ipdb/, and I added the recent suggestions >> on rule number/action code per country code, namely, I changed the >> formula for the x-flag to the suggestion of Ian (value = offset + >> ((C1 - 'A')*26 + (C2 - 'A'))*10), and I added the idea of directly >> assigning a number to a country code in the argument for the t-flag >> ("CC=nnnnn:..."). Furthermore, I removed the divert filter daemon >> from the Makefile. The source is still on GitHub, though, and can be >> re-vamped if necessary. Now I am going to prepare the Makefile for >> the port. Terrific work, Rolf! Something for everyone, although I'm guessing the pf people are going to want a piece of the action, if they need any more than the -p option and a bit of scripting. > I just submitted a PR asking to add the new port 'sysutils/ipdbtools'. > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211744 Wonderful. > I needed to change the name of the geoip tool, because GeoIP® is a > registered trademark of MaxMind, Inc., see www.maxmind.com. The name I did wonder about that .. > of the tool is now 'ipup' = abbreviated form of IP geo location table > generation and look- UP , that is without the boring middle part :-D > > Those, who used geoip already in some scripts, please excuse the > inconvenience of needing to change the name. > With the great help of Julian, I was able to improve the man file and > the latest version can be read online: > > https://cyclaero.github.io/ipdb/ Nice manual and all. A few typos noted below (niggly Virgo proofreader) I must apologise for added exasperation earlier. I was tending towards conflating several other ipfw issues under discussion (named states, new state actions, and this). Sorry if I bumped you off course momentarily, though I don't seem to have slowed you down too much .. As a hopefully not unwelcome aside, it's a pity that IBM, of all people, couldn't manage geo-blocking successfully for the Australian Census the other night. Next time around we can offer them a working geo-blocking firewall/router for a good deal less than the AU$9.6M we've paid IBM :) Census: How the Government says the website meltdown unfolded: http://www.abc.net.au/news/2016-08-10/census-night-how-the-shambles-unfolded/7712964 A more tech-savvy article than ABC or other news media managed so far: https://www.theguardian.com/australia-news/2016/aug/10/computer-says-no-australian-census-shambles-explanation-depends-on-who-you-ask cheers, Ian ======= It is suitable for inclusion into cron. "for invocation by cron" maybe? ipdb_update.sh has IPRanges="/usr/local/etc/ipdb/IPRanges" but some (not all) mentions in the manpage use "IP-Ranges" with a hyphen, including the FILES section. Also the last one there repeats "*bst.v4" for IPv6. It's not quite clear how to specify an 'empty CC list'? ''? ""? either? "from certain [countries?] we don't like .." "piped into sort of [or?] a pre-processing command .." =======
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160811200425.F79687>