RE: Blocking Netranges Based on IP-to-Country CSV

OK, now, from South America WHERE WE THE INDIANS LIVE, and with this
question understood from the first moment and before all the short-minded
discussion.

The approach I'll take for this technical issue is a script to insert those
rules. Of course there could be a lot of other approaches but.

If my CSV is something like this:

CountryA,a.b.c.d/16
countryA,z.x.d.e/12

I'll do something like

---cut here


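#!/usr/bin/perl -w
use strict;

# Read "Country,CIDR" lines and append one DROP rule per range.
open(my $fh, '<', 'file.csv') or die "file.csv: $!";

while (<$fh>)
{
    chomp;
    my @a = split(",", $_);
    next unless @a == 2;    # skip blank or malformed lines
    # The range is the second field; list-form system() bypasses the shell.
    system("iptables", "-A", "CHAIN", "-s", $a[1], "-j", "DROP");
}
close $fh;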

---cut here

But I think that you can choose the method based on these directives:

"if there are more banned addresses than permitted" < set the policy to drop and
add the allowed ones with a script like the posted one.
"if there are more allowed addresses than banned" < setting the policy to accept
is not a good idea; at least you may add a drop at the bottom of the chain and
use the script provided.

Of course there could be other approaches, but I hope it helps.

Regards


 

-----Original Message-----
From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
[mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On behalf of
nutbrownhares@xxxxxxx
Sent: Monday, 20 September 2004 10:58
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Blocking Netranges Based on IP-to-Country CSV

With all due respect, I initially asked a technical question: given a data
file, how does one block ranges from that file.  I didn't ask if people
agreed or disagreed with why we want to do this.   The "why" isn't relevant
to the discussion.  I'm also not interested in whether it is or is not 100%
effective; I know it isn't.  It will still eliminate 95% of the traffic I
want to stop.  So far I've seen a lot of political opinions.  Does anyone
have a technical answer?
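
An added example, not part of the thread or written by either poster: it reads the same "Country,CIDR" layout, validates and merges the ranges, and renders one iptables-restore ruleset for either method the reply describes (drop the listed ranges, or accept them and drop the rest). The sample rows, the function names and the use of Python are assumptions made here; the chain name CHAIN comes from the reply's script.

```python
import csv
import io
import ipaddress

# Constructed sample in the "Country,CIDR" layout from the post
# (documentation address ranges, placeholder country names).
SAMPLE_CSV = """CountryA,192.0.2.0/25
countryA,192.0.2.128/25
CountryB,198.51.100.0/24
CountryA,not-a-network
CountryA,203.0.113.7/24
"""

def load_networks(text, country):
    """Return (merged networks for `country`, rejected rows)."""
    nets, rejected = [], []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 2:
            rejected.append(row)
            continue
        name, cidr = (field.strip() for field in row)
        if name.lower() != country.lower():
            continue
        try:
            # strict=True refuses host bits (203.0.113.7/24) and any text
            # that is not a network, so only validated ranges reach a rule.
            nets.append(ipaddress.ip_network(cidr, strict=True))
        except ValueError:
            rejected.append(row)
    return list(ipaddress.collapse_addresses(nets)), rejected

def build_ruleset(nets, chain="CHAIN", mode="block"):
    """Render iptables-restore input for one user-defined chain.
    mode="block": DROP each range; mode="allow": ACCEPT each, then DROP."""
    if mode not in ("block", "allow"):
        raise ValueError(mode)
    target = "DROP" if mode == "block" else "ACCEPT"
    lines = ["*filter", f":{chain} - [0:0]"]
    lines += [f"-A {chain} -s {net} -j {target}" for net in nets]
    if mode == "allow":
        lines.append(f"-A {chain} -j DROP")  # the "drop at the bottom"
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    nets, bad = load_networks(SAMPLE_CSV, "CountryA")
    print(build_ruleset(nets), end="")
```

The output is loaded in a single iptables-restore call rather than one iptables process per range; --noflush keeps the rest of the filter table in place.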






