> I've been reading Jacek's book on pf but haven't
> found a way to block packets on the basis of the
> country of origin. Is that possible in pf?

Yes, but you'll need to define what IP blocks you want blocked
yourself. I have resorted to this myself to stop certain known spam
havens from hitting some of my servers. I have a pf table
/etc/tables/spammers that does just that.

Then just add a table definition line and one simple pf rule as such:

--------------
...
table <spammers>        persist file "/etc/tables/spammers"
...
block in log quick on $ext from <spammers> to any
...
--------------

In that table are subnets of all the IP blocks I want to consider as
spam havens to block.

One starting point for you to consider in your quest for IP lists is
/etc/spamd.conf which has URLs of places to get IP lists to
block--some of them are national. These lists can make the foundation
of what you're after, I imagine.

Kevin
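
An added example, not part of Kevin's message: one way to turn a downloaded address list into the body of a table file like /etc/tables/spammers. It validates each entry, merges overlapping and adjacent networks, and refuses to emit anything that overlaps a network you must never lock out. The function names, the never_block parameter and the sample ranges (RFC 5737/3849 documentation space) are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample input: documentation ranges stand in for a downloaded list.
SAMPLE_LIST = """\
# constructed sample, not a real blocklist
192.0.2.0/25
192.0.2.128/25      # adjacent to the line above, merges into a /24
198.51.100.7
198.51.100.0/24     # already covers the host above
203.0.113.0/24
2001:db8::/32
not-an-address
203.0.113.999/24
"""

def parse_entries(text):
    """Return (networks, rejected) from a list with one address or CIDR per line."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            rejected.append(raw.strip())   # keep for review, never load it
    return nets, rejected

def build_table(text, never_block=()):
    """Collapse the list and hold back anything overlapping a never_block network."""
    nets, rejected = parse_entries(text)
    protected = [ipaddress.ip_network(n) for n in never_block]
    kept, skipped = [], []
    for version in (4, 6):                 # collapse_addresses rejects mixed versions
        same = [n for n in nets if n.version == version]
        for net in ipaddress.collapse_addresses(same):
            if any(p.version == version and net.overlaps(p) for p in protected):
                skipped.append(net)
            else:
                kept.append(net)
    return kept, skipped, rejected

def render(kept):
    """Table file body: one network per line, as loaded by 'persist file'."""
    return "".join(f"{n}\n" for n in kept)

if __name__ == "__main__":
    kept, skipped, rejected = build_table(SAMPLE_LIST, never_block=["203.0.113.0/24"])
    print(render(kept), end="")
    # After writing the output to /etc/tables/spammers, reload only the table:
    #   pfctl -t spammers -T replace -f /etc/tables/spammers
```

Review the skipped and rejected lists before each reload; a never_block hit usually means the upstream list has started covering your own management or provider range.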





