Re: Blocking Netranges Based on IP-to-Country CSV


On Mon, 2004-09-20 at 09:57, nutbrownhares@xxxxxxx wrote:
> With all due respect, I initially asked a technical question: given a data file, how does one block ranges from that file.  I didn't ask if people agreed or disagreed with why we want to do this.   The "why" isn't relevant to the discussion.  I'm also not interested in whether it is or is not 100% effective; I know it isn't.  It will still eliminate 95% of the traffic I want to stop.  So far I've seen a lot of political opinions.  Does anyone have a technical answer?
> 

true that.

FILE="/path/to/file"

# append one DROP rule to "mychain" for each entry in $FILE
for ADDR in $(cat "$FILE"); do
  iptables -A mychain -s "$ADDR" -j DROP
done

the above assumes that $FILE contains a list of IP addresses or
IP/PREFIX values, one per line.  it also assumes that "mychain" exists,
and that you want to block the addresses in $FILE by source.  adjust as
needed for your exact situation.

-j

-- 
Jason Opperisano <opie@xxxxxxxxxxx>
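
Added example, not part of the reply above: the loop in the reply expects IP/PREFIX values, so this sketch turns country-tagged start/end ranges into that form and prints the matching rules for review instead of running them. The CSV layout ("start","end","CC" with addresses as 32-bit integers), the codes XA/XB, the sample rows and the function names are assumptions; "mychain" is the chain name used in the reply.

```shell
#!/bin/sh
# Added example. Assumed CSV layout (not given in the thread):
#   "start","end","CC"[,...] with addresses as 32-bit integers.

int2ip() {  # 32-bit integer -> dotted quad
  printf '%d.%d.%d.%d\n' $(( $1 >> 24 & 255 )) $(( $1 >> 16 & 255 )) \
                         $(( $1 >> 8 & 255 ))  $(( $1 & 255 ))
}

# range2cidr START END: cover an inclusive integer range with the fewest
# IP/PREFIX blocks. The body runs in a subshell so variables stay local.
range2cidr() (
  start=$1 end=$2
  while [ "$start" -le "$end" ]; do
    size=1 bits=32
    # Grow the block while it stays aligned on $start and inside the range.
    while [ $(( start % (size * 2) )) -eq 0 ] &&
          [ $(( start + size * 2 - 1 )) -le "$end" ]; do
      size=$(( size * 2 )) bits=$(( bits - 1 ))
    done
    echo "$(int2ip "$start")/$bits"
    start=$(( start + size ))
  done
)

# csv2rules CHAIN CC: read the CSV on stdin, print one DROP rule per block.
csv2rules() (
  chain=$1 want=$2
  tr -d '"\r' | while IFS=, read -r s e cc rest; do
    [ "$cc" = "$want" ] || continue
    # Skip headers and malformed rows: both bounds must be all digits.
    case "$s" in ''|*[!0-9]*) continue ;; esac
    case "$e" in ''|*[!0-9]*) continue ;; esac
    range2cidr "$s" "$e" | while read -r net; do
      echo "iptables -A $chain -s $net -j DROP"
    done
  done
)

# Constructed sample rows (documentation ranges, made-up codes XA/XB).
sample_csv() {
  cat <<'EOF'
"3221225984","3221226239","XA"
"3325256704","3325256895","XB"
"3405803777","3405803790","XA"
EOF
}

sample_csv | csv2rules mychain XA   # prints 7 rules; review before running
```

The third sample row is deliberately unaligned (203.0.113.1 to 203.0.113.14), so it expands to six blocks rather than one; ranges in such files do not always fall on prefix boundaries.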


