Date: Wed, 9 May 2007 12:01:34 +0300 From: "Abdullah Ibn Hamad Al-Marri" <almarrie@gmail.com> To: "Miroslav Lachman" <000.fbsd@quip.cz> Cc: freebsd-pf@freebsd.org Subject: Re: PF and GeoIP to update country table? Message-ID: <499c70c0705090201v3534eef2ybe9c2f7218e714dc@mail.gmail.com> In-Reply-To: <46418C6A.5000607@quip.cz> References: <499c70c0705090045q121d9a36n45c0bf6c69928273@mail.gmail.com> <46418C6A.5000607@quip.cz>
next in thread | previous in thread | raw e-mail | index | archive | help
On 5/9/07, Miroslav Lachman <000.fbsd@quip.cz> wrote:
> Abdullah Ibn Hamad Al-Marri wrote:
> > Hello,
> >
> > I would like to use GeoIP db and update the country db rule, then make
> > the pf to read the db, and allow certian contries to connect to the
> > web server.
> >
> > Is this possible?
>
> Yes, I am using it.
>
> Just download and uncompress the CSV GeoIP version and do something like
> this (example for Czech Republic IPs):
>
> grep Czech GeoIPCountryWhois.csv | awk 'BEGIN { FS="," } { print $1"-"$2
> }' | sed 's/"//g' | tableutil -q text > /etc/pf.czech_net.table
>
> tableutil is from ports (net/tableutil)
>
> So all Czech IPs are in /etc/pf.czech_net.table which is loaded in to
> pf.conf byt this line:
> table <czech_net> persist file "/etc/pf.czech_net.table"
> Then you can do what ever you whant with these IP addresses (block /
> pass / redirect...)
>
> Miroslav Llachman
Thanks for your help this really great!, you made my day :)
I was also surfing the net and found this interesting Debian HOWTO
http://www.debian-administration.org/articles/518
Another question, how about the update per month? do I need to kill pf
and run it again? or a crontab would do the trick and update the IPs?
--
Regards,
-Abdullah Ibn Hamad Al-Marri
Arab Portal
http://www.WeArab.Net/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?499c70c0705090201v3534eef2ybe9c2f7218e714dc>