From: Volker
Date: Wed, 09 May 2007 14:19:29 +0200
To: Abdullah Ibn Hamad Al-Marri
Cc: freebsd-pf@freebsd.org
Subject: Re: Re: PF and GeoIP to update country table?
Message-ID: <4641BC51.7080804@vwsoft.com>

On 12/23/-58 20:59, Abdullah Ibn Hamad Al-Marri wrote:
> Another question, how about the update per month? do I need to kill pf
> and run it again? or a crontab would do the trick and update the IPs?

Abdullah,

unfortunately I'm unable to imagine if it's a nice or a really, really bad idea to block certain countries. It sounds like a Chinese wall. If the machine in question is a web server, it might be a hardly bad idea and would lead into another dimension of separating the world.

Anyway, if you want to replace the in-memory table with a fresh one from disk, pfctl is your friend. Have a look at pfctl(8), especially the parameters '-t' and '-T'.

Doing a `pfctl -t mychinesewall -T replace -f /tmp/dolistalltheworld.txt' would be enough.

HTH

Volker
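
The table replacement described in the message above, wrapped for use from cron; this is an added example, not part of the original post. It checks the list before calling `pfctl -T replace`, so a failed or truncated download never empties the table. The function names, the PFCTL override variable and the IPv4-only list format are assumptions made for this example.

```sh
#!/bin/sh
# Added example: cron-safe refresh of a pf table from a list file.
# Assumed list format: one IPv4 address or CIDR block per line; blank lines
# and lines starting with # are ignored.

PFCTL="${PFCTL:-pfctl}"   # hypothetical override, allows a dry run

# Succeed only if the file is non-empty, holds at least one entry, and
# every entry is a well-formed IPv4 address or CIDR block.
validate_list() {
    [ -s "$1" ] || return 1
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            n = split($1, p, "/"); ok = (n <= 2)
            if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] > 32)) ok = 0
            if (split(p[1], o, ".") != 4) ok = 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] > 255) ok = 0
            if (!ok) { bad = 1; exit }     # stop at the first bad entry
            entries++
        }
        END { exit (bad || !entries) }
    ' "$1"
}

# Replace the in-memory table only when the new list passes validation.
# pf keeps running; states and the loaded ruleset are left untouched.
refresh_table() {
    table="$1"; list="$2"
    if ! validate_list "$list"; then
        echo "refusing to load $list into <$table>: invalid or empty" >&2
        return 1
    fi
    "$PFCTL" -t "$table" -T replace -f "$list"
}

# Usage from cron: sh refresh_pf_table.sh TABLE /path/to/list.txt
if [ $# -eq 2 ]; then
    refresh_table "$1" "$2"
fi
```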