Date: Wed, 09 May 2007 10:55:06 +0200 From: Miroslav Lachman <000.fbsd@quip.cz> To: Abdullah Ibn Hamad Al-Marri <almarrie@gmail.com> Cc: freebsd-pf@freebsd.org Subject: Re: PF and GeoIP to update country table? Message-ID: <46418C6A.5000607@quip.cz> In-Reply-To: <499c70c0705090045q121d9a36n45c0bf6c69928273@mail.gmail.com> References: <499c70c0705090045q121d9a36n45c0bf6c69928273@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Abdullah Ibn Hamad Al-Marri wrote:
> Hello,
>
> I would like to use GeoIP db and update the country db rule, then make
> the pf to read the db, and allow certian contries to connect to the
> web server.
>
> Is this possible?
Yes, I am using it.
Just download and uncompress the CSV GeoIP version and do something like
this (example for Czech Republic IPs):
grep Czech GeoIPCountryWhois.csv | awk 'BEGIN { FS="," } { print $1"-"$2
}' | sed 's/"//g' | tableutil -q text > /etc/pf.czech_net.table
tableutil is from ports (net/tableutil)
So all Czech IPs are in /etc/pf.czech_net.table which is loaded in to
pf.conf byt this line:
table <czech_net> persist file "/etc/pf.czech_net.table"
Then you can do what ever you whant with these IP addresses (block /
pass / redirect...)
Miroslav Llachman
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?46418C6A.5000607>