Date: Mon, 25 Jul 2016 11:28:58 -0300 From: "Dr. Rolf Jansen" <rj@cyclaero.com> To: freebsd-ipfw@freebsd.org Subject: ipfw divert filter for IPv4 geo-blocking Message-ID: <61DFB3E2-6E34-4EEA-8AC6-70094CEACA72@cyclaero.com>
next in thread | raw e-mail | index | archive | help
I have written a ipfw divert filter daemon for IPv4 geo-blocking. It is = working flawlessly on two server installations since a week. Anyway, I am still in doubt whether I do the blocking in the correct = way. Once the filter receives a packet from the respective divert socket = it looks up the country code of the source IP in the IP-Ranges database, = and if the country code shall be allowed then it returns the unaltered = packet via said socket, otherwise, the filter does no further = processing, so the packet is effectively gone, lost, dropped, discarded, = or whatever would be the correct terminology. Is this the really the = correct way of denying a packet, or is it necessary to inform ipfw = somehow about the circumstances, so it can run a proper dropping = procedure? I uploaded the filter + accompanying tools to GitHub https://github.com/cyclaero/ipdb Many thnaks for any advices in advance. Best regards Rolf =20
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?61DFB3E2-6E34-4EEA-8AC6-70094CEACA72>