Date: Wed, 09 May 2007 14:19:29 +0200 From: Volker <volker@vwsoft.com> To: Abdullah Ibn Hamad Al-Marri <almarrie@gmail.com> Cc: freebsd-pf@freebsd.org Subject: Re: Re: PF and GeoIP to update country table? Message-ID: <4641BC51.7080804@vwsoft.com> In-Reply-To: <499c70c0705090201v3534eef2ybe9c2f7218e714dc@mail.gmail.com> References: <499c70c0705090045q121d9a36n45c0bf6c69928273@mail.gmail.com> <46418C6A.5000607@quip.cz> <499c70c0705090201v3534eef2ybe9c2f7218e714dc@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12/23/-58 20:59, Abdullah Ibn Hamad Al-Marri wrote: > Another question, how about the update per month? do I need to kill pf > and run it again? or a crontab would do the trick and update the IPs? Abdullah, unfortunately I'm unable to imagine if it's nice or really, really bad idea to block certain countries. It sounds like a chinese wall. If the machine in question is a web server, it might be a hardly bad idea and would lead into another dimension of separating the world. Anyway, if you want to replace the in-memory table with a fresh one from disk, pfctl is your friend. Have a look at pfctl(8), especially the parameters '-t' and '-T'. Doing a `pfctl -t mychinesewall -T replace -f /tmp/dolistalltheworld.txt' would be enough. HTH Volker
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4641BC51.7080804>