Date: Wed, 09 May 2007 14:06:38 +0200
From: Miroslav Lachman <000.fbsd@quip.cz>
To: Abdullah Ibn Hamad Al-Marri <almarrie@gmail.com>
Cc: freebsd-pf@freebsd.org
Subject: Re: PF and GeoIP to update country table?
Message-ID: <4641B94E.2040002@quip.cz>
In-Reply-To: <499c70c0705090201v3534eef2ybe9c2f7218e714dc@mail.gmail.com>
References: <499c70c0705090045q121d9a36n45c0bf6c69928273@mail.gmail.com> <46418C6A.5000607@quip.cz> <499c70c0705090201v3534eef2ybe9c2f7218e714dc@mail.gmail.com>

Abdullah Ibn Hamad Al-Marri wrote:
> On 5/9/07, Miroslav Lachman <000.fbsd@quip.cz> wrote:
>
>> Abdullah Ibn Hamad Al-Marri wrote:
>> > Hello,
>> >
>> > I would like to use GeoIP db and update the country db rule, then make
>> > the pf to read the db, and allow certain countries to connect to the
>> > web server.

[...]

>> So all Czech IPs are in /etc/pf.czech_net.table which is loaded into
>> pf.conf by this line:
>> table <czech_net> persist file "/etc/pf.czech_net.table"
>> Then you can do whatever you want with these IP addresses (block /
>> pass / redirect...)

[...]

> Another question, how about the update per month? do I need to kill pf
> and run it again? or a crontab would do the trick and update the IPs?

No need to kill it. Maybe you can use /etc/rc.d/pf reload (I haven't tested
it), or as you can read in the man page of pfctl, you can populate tables
from the command line / scripts etc.:
http://www.freebsd.org/cgi/man.cgi?query=pfctl&format=html

     Load only the table definitions from pf.conf(5)
           # pfctl -Tl -f pf.conf

     For the add, delete, replace, and test commands, the list of addresses
     can be specified either directly on the command line and/or in an
     unformatted text file, using the -f flag.

Miroslav Lachman
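
Added example, not part of the original message: one way a cron job could refresh the table with the pfctl replace command and -f flag mentioned above, checking the new list first so that a truncated or malformed download never replaces the live table. The function names, the MIN_ENTRIES threshold and the IPv4-only format check are assumptions of this sketch; the table name and file path are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: swap a pf table's contents from a file while pf keeps running.
# Assumptions (not from the message): function names, MIN_ENTRIES, IPv4-only lists.
PFCTL="${PFCTL:-pfctl}"            # overridable for a dry run
TABLE="${TABLE:-czech_net}"
TABLE_FILE="${TABLE_FILE:-/etc/pf.czech_net.table}"
MIN_ENTRIES="${MIN_ENTRIES:-1}"    # refuse a list shorter than this

# Print the number of entries; fail if any line is not a.b.c.d or a.b.c.d/len.
validate_list() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        NF != 1 { bad = 1; exit }
        {
            n = split($1, p, "/")
            if (n > 2) { bad = 1; exit }
            if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32)) { bad = 1; exit }
            if (split(p[1], o, ".") != 4) { bad = 1; exit }
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) { bad = 1; exit }
            count++
        }
        END { if (bad) exit 1; print count + 0 }
    ' "$1"
}

# Validate the new list, install it atomically, then replace the live table.
update_table() {
    new="$1"
    count=$(validate_list "$new") || { echo "invalid entry in $new" >&2; return 1; }
    [ "$count" -ge "$MIN_ENTRIES" ] || { echo "only $count entries, refusing" >&2; return 1; }
    tmp="$TABLE_FILE.tmp.$$"
    cp "$new" "$tmp" && mv "$tmp" "$TABLE_FILE" || return 1
    "$PFCTL" -t "$TABLE" -T replace -f "$TABLE_FILE"
}

# Run only when given a file argument, e.g. from cron: update-table.sh /tmp/new.list
[ "$#" -eq 0 ] || update_table "$1"
```

Setting MIN_ENTRIES close to the size of the previous list catches a partial download before it shrinks the set of addresses the rules match.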