Ruler2112 wrote:I created a script to block IPs listed in the EmergingThreats.org list, updating both the list and firewall from the nightly cron job. It would be very simple to run a separate copy from cron for each country you wish to block and thereby have an updated list and firewall for each.
There's also some discussion on the efficiency and memory usage of having huge tables of IPs to block in that thread. Basically, pf sorts the IPs when it adds them to a table so lookups are very fast and the amount of memory consumed is inconsequential.
That ipdeny site is great - I never knew such a thing existed before!
gunzip -c - | sed "s/.*:\([0-9.-]\)/\1/" | \
tableutil -q text 2> /dev/null > /tmp/blocklist
Excalibur wrote:I'm sorry, as I'm really new to FreeBSD, does this work with IPFW as well?
Users browsing this forum: No registered users and 0 guests