On Mon, 2004-09-20 at 08:06, Thomas Lußnig wrote: > > - Extereme overload for IP-tables since it need extreme large table of > ip lists I beg to disagree. Most range blocking is done more on a region basis rather than by individual country (i.e. permit countries in Europe but maybe block Asia-Pacific). Given that IP ranges are delegated in large blocks (class A and B being the norm), it actually takes very few rules. For example I've had iptables firewalls pushing 400 Mb with region based filtering in place. Worked like a champ. > - Is extreme faulty since IP's are not original assinged to country but > locations like Europe. Agreed, so if you are trying to target a specific country, you may run into problems in areas like Europe. Blocking by region is less of an issue but you can still run into problems (like class A blocks in Asia that are also used in Australia, etc.). > - How you wan't to do the next step someone say i not wan't to select > based on country bot wan't different web server > for region's with different main language. ASIA -> UTF8/Chinese Europe > Latin1/Frensh,German,English America => Spain/english Actually, I'm pretty sure you could do this today with Squid. ;-) Obviously a portion of this is "intent". If its to reduce risk, its one thing. Banning based on color or creed is another. For example there are Spanish people all over the world so banning based on the language sounds like its more about discrimination rather than lowering risk. HTH, Chris
