Discussion:
ipfw divert filter for IPv4 geo-blocking (port?)
Julian Elischer
2016-08-02 05:32:09 UTC
Is there a ports committer who could take this in?
Since this announcement, he's made several fixes and enhancements, including the ability to directly populate ipfw tables with country ranges etc.

Very useful, and we should have it in ports, probably in net-mgmt/.
I've kicked the tires and it performs as advertised.

The Makefiles work well for installing on FreeBSD-current and 11 but
someone who knows ports makefiles better than I could probably knock
up a port for it in about 3 minutes flat.

I'm not sure what name he would like it to go under.. the geoip
program (which I find more interesting) came later,
but as a better name I think.
Can we import directly from github? do we keep a copy in our cache if
we do? (I guess we could get the zip file..)


Julian

-------- Forwarded Message --------

I have written an ipfw divert filter daemon for IPv4 geo-blocking. It has been working flawlessly on two server installations for a week.

Anyway, I am still in doubt whether I do the blocking in the correct way. Once the filter receives a packet from the respective divert socket it looks up the country code of the source IP in the IP-Ranges database, and if the country code shall be allowed then it returns the unaltered packet via said socket, otherwise, the filter does no further processing, so the packet is effectively gone, lost, dropped, discarded, or whatever would be the correct terminology. Is this really the correct way of denying a packet, or is it necessary to inform ipfw somehow about the circumstances, so it can run a proper dropping procedure?

I uploaded the filter + accompanying tools to GitHub

https://github.com/cyclaero/ipdb

Many thanks for any advice in advance.

Best regards

Rolf


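An added example, not code from the ipdb project or from anyone in this thread: a C sketch of the per-packet decision the forwarded message describes (source address looked up in a sorted range table, packet written back only if its country is allowed). The range table, country codes, the `allowed` string format and the deny-on-unknown policy are assumptions of this example; the divert socket I/O is left out so the block runs on any system.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed sample table: documentation prefixes with made-up country
 * codes, sorted by start address, non-overlapping, host byte order. */
typedef struct { uint32_t lo, hi; char cc[3]; } range_t;
static const range_t ranges[] = {
    { 0xC0000200u, 0xC00002FFu, "AA" },   /* 192.0.2.0/24    */
    { 0xC6336400u, 0xC63364FFu, "BB" },   /* 198.51.100.0/24 */
    { 0xCB007100u, 0xCB0071FFu, "CC" },   /* 203.0.113.0/24  */
};

/* Binary search for the range containing ip; NULL if none does. */
static const char *lookup_cc(uint32_t ip) {
    size_t lo = 0, hi = sizeof ranges / sizeof ranges[0];
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (ip < ranges[mid].lo)      hi = mid;
        else if (ip > ranges[mid].hi) lo = mid + 1;
        else return ranges[mid].cc;
    }
    return NULL;
}

/* Verdict for one packet as read from the divert socket:
 * 1 = write it back unaltered, 0 = do no further processing (packet is gone).
 * allowed is a string of concatenated 2-letter codes, e.g. "AABB". */
int filter_verdict(const uint8_t *pkt, size_t len, const char *allowed) {
    if (len < 20 || (pkt[0] >> 4) != 4) return 0;   /* not a full IPv4 header */
    size_t ihl = (size_t)(pkt[0] & 0x0F) * 4;
    if (ihl < 20 || ihl > len) return 0;            /* bogus header length */
    uint32_t src = (uint32_t)pkt[12] << 24 | (uint32_t)pkt[13] << 16 |
                   (uint32_t)pkt[14] << 8  | (uint32_t)pkt[15];
    const char *cc = lookup_cc(src);
    if (cc == NULL) return 0;          /* unknown source: deny (assumed policy) */
    for (size_t i = 0; allowed[i] && allowed[i + 1]; i += 2)
        if (allowed[i] == cc[0] && allowed[i + 1] == cc[1]) return 1;
    return 0;
}

/* Build a constructed 20-byte IPv4 header with this source and judge it. */
int verdict_for_src(uint32_t src, const char *allowed) {
    uint8_t h[20] = { 0x45 };                       /* version 4, IHL 5 */
    h[12] = (uint8_t)(src >> 24); h[13] = (uint8_t)(src >> 16);
    h[14] = (uint8_t)(src >> 8);  h[15] = (uint8_t)src;
    return filter_verdict(h, sizeof h, allowed);
}
int main(void) {
    printf("192.0.2.10 -> %d, 203.0.113.5 -> %d\n",
           verdict_for_src(0xC000020Au, "AABB"), verdict_for_src(0xCB007105u, "AABB"));
}
```

Truncated or non-IPv4 input is denied here as well, which is a fail-closed choice of this example rather than documented behaviour of the tool.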
Kurt Jaeger
2016-08-02 06:11:37 UTC
Hi!
Post by Julian Elischer
Is there a ports committer who could take this in?
If someone prepares a PR with a port, I can have a look at it.
--
***@opsec.eu +49 171 3101372 4 years to go !
Kurt Jaeger
2016-08-02 06:12:34 UTC
Hi!
Post by Julian Elischer
Is there a ports committer who could take this in?
Btw, any chance to extend it to IPv6 as well?
--
***@opsec.eu +49 171 3101372 4 years to go !