Peter wrote:

> What I would like to do is instead block these IPs at the firewall level but adding 850 rules is a task I'm not up to. Has anyone developed a way to load a listing of IPs into m0n0 for blocking?

Unfortunately, ipf doesn't (to my knowledge, anyway) support IP lists or tables for rules. This means that each IP would have to be individually added as a separate rule, which may be somewhat slow. It should be possible, though, using a special kind of alias (which we don't support). It should be possible to set up a 'Host list' type alias which accepts a file upload of IPs or hostnames (preferably IPs), and then to write out a separate rule for each one. I'm wary of the idea, since, like I said, it would require a separate rule for each... at numbers like 850, that could seriously be a problem.
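
An added sketch of the "host list" idea discussed in the message above (not m0n0wall code and not written by either poster): it validates an uploaded list and writes one ipf block rule per entry. Merging adjacent addresses into CIDR blocks to cut the rule count goes beyond what the message proposes; the interface name `fxp0`, the function names, the minimum-prefix policy and the sample addresses are assumptions made for the example.

```python
import ipaddress

# Constructed sample upload: one address or CIDR block per line, '#' starts a comment.
SAMPLE = """\
# constructed sample, documentation address ranges only
198.51.100.0
198.51.100.1
198.51.100.2
198.51.100.3
203.0.113.7
203.0.113.7
192.0.2.0/25
192.0.2.128/25
not-an-ip
0.0.0.0/0
"""

def parse_blocklist(text, min_prefix=8):
    """Return (networks, rejected); rejected holds (line number, entry) pairs."""
    networks, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry)  # strict: stray host bits are an error
        except ValueError:
            rejected.append((lineno, entry))
            continue
        # Assumed policy: IPv4 only, and refuse very wide blocks such as 0.0.0.0/0
        # so a bad line in the upload cannot cut off all traffic.
        if net.version != 4 or net.prefixlen < min_prefix:
            rejected.append((lineno, entry))
            continue
        networks.append(net)
    return networks, rejected

def build_rules(text, interface="fxp0"):
    """Return (ipf rule lines, rejected entries) for an uploaded list."""
    networks, rejected = parse_blocklist(text)
    # collapse_addresses drops duplicates and merges adjacent or overlapping blocks.
    merged = ipaddress.collapse_addresses(networks)
    rules = [f"block in quick on {interface} from {net} to any" for net in merged]
    return rules, rejected

if __name__ == "__main__":
    rules, rejected = build_rules(SAMPLE)
    print("\n".join(rules))
    for lineno, entry in rejected:
        print(f"# skipped line {lineno}: {entry!r}")
```

How much the merge helps depends on the list: scattered single hosts still produce one rule each, while contiguous ranges shrink considerably.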