On Mon, Mar 8, 2010 at 16:11, Erik Norgaard <norga...@locolomo.org> wrote:
> On 08/03/10 18:56, Jason Garrett wrote:
>
>>> Much better, restrict the client access to certain ranges of IPs. The
>>> different registries publish ip ranges assigned per country and you can
>>> create a list blocking countries you are certain not to visit, you can
>>> use my script:
>>>
>>> http://www.locolomo.org/pub/src/toolbox/inet.pl
>>>
>> Great script! Just one question. Where do you put the list of denied ip
>> ranges?
>>
>
> The output is written to be used with packet filter, if you use some other
> firewall you may need edit the script. If you use packet filter, then you
> can dump the list into a file and create tables like this:
>
>   table <blacklist> persist file "/etc/blacklist"
>   block in quick from <blacklist>
>
> I use blacklisting for mail while I use whitelisting for ssh.
>
> You should know the limits of the script, the problem is that some ranges
> have been assigned directly by IANA, particularly for US. These are not
> included. The list is limited as these are all /8 chunks, you can find it
> here:
>
> http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml
>
> These ranges are managed by private organisations and assigned as they see
> fit.
>
> There is another thing I'd like to filter by: I'd like to eliminate dynamic
> ranges, particularly for mail. It's been recommended that reverse lookup
> resolves to something like dyn.example.com or dynamic.example.com, but
> there is no registry where you can simply look it up.
>

Thanks! I'm not sure what ranges the OP is looking for, but I only want to allow from US ip's for now, since I never travel outside the country.
>
> BR, Erik
> --
> Erik Nørgaard
> Ph: +34.666334818/+34.915211157  http://www.locolomo.org
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"