PF and GeoIP to update country table?
Miroslav Lachman
000.fbsd at quip.cz
Wed May 9 12:06:43 UTC 2007
Abdullah Ibn Hamad Al-Marri wrote:
> On 5/9/07, Miroslav Lachman <000.fbsd at quip.cz> wrote:
>
>> Abdullah Ibn Hamad Al-Marri wrote:
>> > Hello,
>> >
>> > I would like to use GeoIP db and update the country db rule, then make
>> > the pf to read the db, and allow certain countries to connect to the
>> > web server.
[...]
>> So all Czech IPs are in /etc/pf.czech_net.table which is loaded into
>> pf.conf by this line:
>> table <czech_net> persist file "/etc/pf.czech_net.table"
>> Then you can do whatever you want with these IP addresses (block /
>> pass / redirect...)
[...]
> Another question, how about the update per month? do I need to kill pf
> and run it again? or a crontab would do the trick and update the IPs?
No need to kill it. Maybe you can use /etc/rc.d/pf reload (I haven't
tested it), or as you can read in the man page of pfctl, you can populate
tables from the command line / scripts etc.:
http://www.freebsd.org/cgi/man.cgi?query=pfctl&format=html
Load only the table definitions from pf.conf(5)
# pfctl -Tl -f pf.conf
For the add, delete, replace, and test commands, the list of
addresses can be specified either directly on the command line
and/or in an unformatted text file, using the -f flag.
Miroslav Lachman
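
The cron-driven update discussed above, as an added example that is not part of the original message or of pf itself: it validates a freshly downloaded list and swaps it into the running table with pfctl's replace command. The table name and file come from the post; the download path, the minimum entry count and the script path in the crontab comment are assumptions.

```sh
#!/bin/sh
# Added example: refresh <czech_net> from cron without restarting pf.
TABLE="czech_net"                       # table name from the post
LIVE="/etc/pf.czech_net.table"          # table file from the post
NEW="${NEW:-/var/tmp/czech_net.new}"    # assumed path of the fresh download
MIN_ENTRIES="${MIN_ENTRIES:-100}"       # assumed sanity floor
PFCTL="${PFCTL:-pfctl}"

# Print only well-formed IPv4 address or CIDR lines; drop comments and junk.
clean_table() {
    awk '
    { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
    $0 == "" { next }
    {
        n = split($0, p, "/")
        if (n > 2) next
        if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32)) next
        if (split(p[1], o, ".") != 4) next
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) next
        print
    }' "$1"
}

# Validate the download, then swap the table contents in the running pf.
refresh_table() {
    tmp="$LIVE.tmp.$$"
    clean_table "$NEW" | sort -u > "$tmp" || return 1
    count=$(wc -l < "$tmp" | tr -d ' ')
    # A truncated download would shrink the table; if rules pass only
    # <czech_net>, that locks out real visitors. Keep the old table instead.
    if [ "$count" -lt "$MIN_ENTRIES" ]; then
        echo "only $count entries in $NEW, keeping current table" >&2
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$LIVE" && "$PFCTL" -t "$TABLE" -T replace -f "$LIVE"
}

# Hypothetical crontab entry: 0 4 1 * * /usr/local/sbin/pf-table-refresh.sh run
if [ "${1:-}" = "run" ]; then
    refresh_table
fi
```

Existing states and the loaded ruleset are untouched by the replace; only the table's address list changes.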