# Deny web access from certain countries we don't like this week:
/usr/local/bin/ipup -t TR:SA:RU -n 66 | /sbin/ipfw -q /dev/stdin
/sbin/ipfw -q add 70 allow tcp from not table\(66\) to any 80,443 in recv em0 setup
@monthly curl -s http://www.ipdeny.com/ipblocks/data/countries/{cn,us,tr,ru,tw,ro,in,it,hu}.zone > \
[FILE]/usr/local/etc/blocked/geoblock[/FILE]
I just want to add, that this set of tools made it into the ports since, see sysutils/ipdbtools. Some more recent changes on GitHub addressed ARM compatibility. If this is meant to run on x86 only, the version in the ports would be perfect.Have a look at Thread 56874 and the tool it mentions by obsigna. I've been meaning to look at it myself.
ipfw -q table 3 add 5.62.60.4/30
ipfw -q table 3 add 5.62.62.4/30
ipfw -q table 3 add 37.255.187.0/27
#block email
${fwcmd} add 568 deny log all from 'table(3)' to any dst-port 110
${fwcmd} add 569 deny log all from 'table(3)' to any dst-port 143
${fwcmd} add 570 deny log all from 'table(3)' to any dst-port 465
${fwcmd} add 571 deny log all from 'table(3)' to any dst-port 587
${fwcmd} add 572 deny log all from 'table(3)' to any dst-port 993
${fwcmd} add 573 deny log all from 'table(3)' to any dst-port 995