Abdullah Ibn Hamad Al-Marri wrote:
On 5/9/07, Miroslav Lachman <[EMAIL PROTECTED]> wrote:
Abdullah Ibn Hamad Al-Marri wrote:
> Hello,
>
> I would like to use GeoIP db and update the country db rule, then make
> the pf to read the db, and allow certian contries to connect to the
> web server.
[...]
So all Czech IPs are in /etc/pf.czech_net.table which is loaded in to
pf.conf byt this line:
table <czech_net> persist file "/etc/pf.czech_net.table"
Then you can do what ever you whant with these IP addresses (block /
pass / redirect...)
[...]
Another question, how about the update per month? do I need to kill pf
and run it again? or a crontab would do the trick and update the IPs?
No need to kill it. Maybe you can use /etc/rc.d/pf reload (I don't test
it), or as you can read in man page of pfctl, you can populate tables
from commandline / scripts etc.:
http://www.freebsd.org/cgi/man.cgi?query=pfctl&format=html
Load only the table definitions from pf.conf(5)
# pfctl -Tl -f pf.conf
For the add, delete, replace, and test commands, the list of
addresses can be specified either directly on the command line
and/or in an unformatted text file, using the -f flag.
Miroslav Lachman
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
