From: iggdawg@gmail.com
Date: Wed, 9 May 2007 08:33:04 -0400
To: freebsd-pf@freebsd.org
Subject: Re: freebsd-pf Digest, Vol 137, Issue 3

Hi,

The following command could be loaded via cron with the "monthly"
crontask, or via some other script (assuming blacklist table is "GeoList"
and you are using the default pf.conf)

    pfctl -t hotlist -T flush -Tl -f /etc/pf.conf

> > > Hello,
> > >
> > > I would like to use GeoIP db and update the country db rule, then make
> > > the pf to read the db, and allow certain countries to connect to the
> > > web server.
> > >
> > > Is this possible?
> >
> > Yes, I am using it.
> >
> > Just download and uncompress the CSV GeoIP version and do something like
> > this (example for Czech Republic IPs):
> >
> > grep Czech GeoIPCountryWhois.csv | awk 'BEGIN { FS="," } { print $1"-"$2 }' | sed 's/"//g' | tableutil -q text > /etc/pf.czech_net.table
> >
> > tableutil is from ports (net/tableutil)
> >
> > So all Czech IPs are in /etc/pf.czech_net.table which is loaded in to
> > pf.conf by this line:
> > table persist file "/etc/pf.czech_net.table"
> > Then you can do whatever you want with these IP addresses (block /
> > pass / redirect...)
> >
> > Miroslav Llachman
>
> Thanks for your help, this is really great! You made my day :)
>
> I was also surfing the net and found this interesting Debian HOWTO
> http://www.debian-administration.org/articles/518
>
> Another question, how about the update per month? Do I need to kill pf
> and run it again? Or a crontab would do the trick and update the IPs?
>
> --
> Regards,
>
> -Abdullah Ibn Hamad Al-Marri
> Arab Portal
> http://www.WeArab.Net/
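
Added example, not part of any message in this thread: one way to script the monthly update discussed above, doing in Python what the grep/awk/tableutil pipeline does (start-end ranges to CIDR) and then replacing the file atomically. The table name "czech_net", the output path, the exact match on the country-name field and the sample rows are assumptions made for this example.

```python
import csv
import io
import ipaddress
import os
import tempfile

# Constructed sample rows in the GeoIPCountryWhois.csv layout the thread's awk
# command relies on: field 1 = first IP, field 2 = last IP, field 6 = country.
SAMPLE_CSV = """\
"192.0.2.0","192.0.2.127","3221225984","3221226111","CZ","Czech Republic"
"192.0.2.128","192.0.2.255","3221226112","3221226239","CZ","Czech Republic"
"198.51.100.4","198.51.100.11","3325256708","3325256715","CZ","Czech Republic"
"203.0.113.0","203.0.113.255","3405803776","3405804031","SK","Slovakia"
"""

def country_cidrs(csv_text, country):
    """Return the minimal CIDR list covering every range listed for `country`."""
    nets = []
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) < 6 or row[5] != country:
            continue
        first, last = ipaddress.IPv4Address(row[0]), ipaddress.IPv4Address(row[1])
        # A start-end range is not always one prefix; split it into exact CIDRs.
        nets.extend(ipaddress.summarize_address_range(first, last))
    # Merge adjacent prefixes so the table stays as small as possible.
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def write_table(path, cidrs):
    """Replace the table file atomically; never leave it empty or half-written."""
    if not cidrs:
        # A truncated download must not silently empty the table pf loads.
        raise ValueError("no ranges found, keeping the existing table file")
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as handle:
        handle.write("\n".join(cidrs) + "\n")
    os.replace(tmp, path)

def reload_argv(table, path):
    """pfctl invocation that swaps the live table contents; pf keeps running."""
    return ["pfctl", "-t", table, "-T", "replace", "-f", path]

if __name__ == "__main__":
    # "czech_net" and the output path are assumed names for this example.
    cidrs = country_cidrs(SAMPLE_CSV, "Czech Republic")
    write_table("pf.czech_net.table", cidrs)
    print("\n".join(cidrs))
    print(" ".join(reload_argv("czech_net", "pf.czech_net.table")))
```

Run from cron, the script would pass the reload_argv() result to subprocess.run() only after write_table() succeeds, so a failed download leaves both the file and the live table untouched.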