From: Miroslav Lachman <000.fbsd@quip.cz>
Date: Wed, 09 May 2007 10:55:06 +0200
To: Abdullah Ibn Hamad Al-Marri
Cc: freebsd-pf@freebsd.org
Subject: Re: PF and GeoIP to update country table?
Message-ID: <46418C6A.5000607@quip.cz>
In-Reply-To: <499c70c0705090045q121d9a36n45c0bf6c69928273@mail.gmail.com>

Abdullah Ibn Hamad Al-Marri wrote:
> Hello,
>
> I would like to use GeoIP db and update the country db rule, then make
> the pf to read the db, and allow certain countries to connect to the
> web server.
>
> Is this possible?

Yes, I am using it. Just download and uncompress the CSV GeoIP version
and do something like this (example for Czech Republic IPs):

grep Czech GeoIPCountryWhois.csv | awk 'BEGIN { FS="," } { print $1"-"$2 }' | sed 's/"//g' | tableutil -q text > /etc/pf.czech_net.table

tableutil is from ports (net/tableutil)

So all Czech IPs are in /etc/pf.czech_net.table which is loaded into
pf.conf by this line:

table persist file "/etc/pf.czech_net.table"

Then you can do whatever you want with these IP addresses (block / pass / redirect...)

Miroslav Lachman
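
Added example, not part of the original message: the same extraction done in Python without tableutil, matching the country-code column exactly instead of grepping for a substring, and collapsing the start-end ranges into CIDR blocks, one per line, as a pf table file expects. The six-column CSV layout, the sample rows (documentation address ranges) and the function names are assumptions made for this example.

```python
import csv
import io
import ipaddress

# Constructed sample rows in the assumed GeoIPCountryWhois.csv layout:
# start IP, end IP, start as integer, end as integer, country code, country name.
# The addresses are documentation ranges, not real allocations.
SAMPLE_CSV = '''"192.0.2.0","192.0.2.255","3221225984","3221226239","CZ","Czech Republic"
"198.51.100.16","198.51.100.47","3325256720","3325256751","CZ","Czech Republic"
"203.0.113.0","203.0.113.255","3405803776","3405804031","SK","Slovakia"
"198.51.100.48","198.51.100.63","3325256752","3325256767","CZ","Czech Republic"
not,a,valid,row
'''


def country_cidrs(csv_text, country_code):
    """Return the collapsed, sorted CIDR networks for one country code."""
    nets = []
    for row in csv.reader(io.StringIO(csv_text)):
        # Compare the code column exactly; a substring match on the whole
        # line could also pick up rows for other countries.
        if len(row) < 5 or row[4] != country_code:
            continue
        try:
            first = ipaddress.ip_address(row[0])
            last = ipaddress.ip_address(row[1])
            # A start-end range may need several CIDR blocks to cover it.
            nets.extend(ipaddress.summarize_address_range(first, last))
        except (ValueError, TypeError):
            continue  # malformed address or reversed range: skip the row
    # Merge adjacent and overlapping blocks so the table stays small.
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def table_file_text(cidrs):
    """Format networks as pf table file content, one entry per line."""
    return "".join(c + "\n" for c in cidrs)


if __name__ == "__main__":
    print(table_file_text(country_cidrs(SAMPLE_CSV, "CZ")), end="")
```

Review the generated file before loading it: an empty table combined with an allow-only rule would block every client.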