[Fwd: Re: Blocking Netranges Based on IP-to-Country CSV]

Aleksandar Milivojevic <amilivojevic@xxxxxx> · Thu, 16 Sep 2004 13:29:59 -0500

Probably needed to end up on the list...

--
Aleksandar Milivojevic <amilivojevic@xxxxxx>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
--- Begin Message ---

To: amilivojevic@xxxxxx
Subject: RE: Blocking Netranges Based on IP-to-Country CSV
From: "Nicolas Bouliane" <nib@xxxxxxxxxxxxxxxx>
Date: Thu, 16 Sep 2004 13:56:53 -0400 (EDT)
Importance: Normal
User-agent: SquirrelMail/1.4.3a

Gary & Mic McFall wrote:

>Due to a number of issues, my organization is reviewing the ability to
>block certain country domains at the firewall.  To be proactive, we want
>to automate that process via iptables & the CSV available at
><http://ip-to-country.webhosting.info>.

I currently work on a match geoip based on the maxmind database.
You can observe my development state to:
http://codepoet.cookinglinux.net/cgi-bin/blosxom.cgi

and my current source code at:
http://www.cookinglinux.org/projects/netfilter-iptables/geoip_alpha-0.3/

Anyway I really dont know if my concept is ok. Using netlink in a match. I
was wait to have a usable code to post.

If you plan to use my source code, please let me know, thanks.

--
Nicolas Bouliane
nib@xxxxxxxxxxxxxxxx

--- End Message ---