Date: Tue, 26 Nov 2019 21:47:02 -0800 From: Julian Elischer <julian@freebsd.org> To: "freebsd-net@freebsd.org" <freebsd-net@FreeBSD.ORG> Subject: geo blocking with ipfw ... the easy way Message-ID: <9e043ec9-e103-7dea-00b0-cb6af1474a59@freebsd.org>
next in thread | raw e-mail | index | archive | help
just in case someone wants to do this:
The following script sets up a table (which can be
used for blocking or allowing) in ipfw so that it holds
nets assigned to the USA and Australia.
You may select your own nets of course:
It uses the ipdbtools package.
(I run this from cron)
#!/bin/sh
ALLOWFILE=/root/AU+USA-GEOIPS.ipfw
MAILTABLE=20
ALT_MAILTABLE=21
AU_VAL=10000
US_VAL=10200
set -x
#fetch latest geo-ip ranges and set AU and USA into table ${MAILTABLE}
ipdb-update.sh
ipup -t AU=${AU_VAL}:US=${US_VAL} -n ${ALT_MAILTABLE} > ${ALLOWFILE}
ipfw table ${ALT_MAILTABLE} flush
ipfw -q -f ${ALLOWFILE}
ipfw table ${MAILTABLE} swap ${ALT_MAILTABLE}
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9e043ec9-e103-7dea-00b0-cb6af1474a59>