 From:  Kris Maglione <bsdaemon at comcast dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] loadable block lists
 Date:  Tue, 13 Sep 2005 10:03:18 -0400
Peter wrote:

>What I would like to do is instead block these IPs at the firewall level but adding 850 rules is a
>task I'm not up to. Has anyone developed a way to load a listing of IPs into m0n0 for blocking?

Unfortunately, ipf doesn't (to my knowledge, anyway) support ip lists or 
tables for rules. This means that each IP would have to be individually 
added as a separate rule, which may be somewhat slow. It should be 
possible, though, using a special kind of alias (which we don't 
support). It should be possible to set up a 'Host list' type alias which 
accepts a file upload of ips or hostnames (preferably ips), and then to 
write out a separate rule for each one. I'm wary of the idea, since, 
like I said, it would require a separate rule for each... at numbers 
like 850, that could seriously be a problem.
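
The 'Host list' idea described in the message above, sketched as an added example that is not part of the original post and is not m0n0wall code: it parses an uploaded list, rejects anything that is not a valid IPv4 address or network, and writes one ipf `block` rule per entry. It goes beyond the message by merging duplicate and adjacent entries into CIDR blocks first, which lowers the rule count; the function names and the sample list are constructed for illustration.

```python
import ipaddress

# Constructed sample upload (documentation address ranges only).
SAMPLE_LIST = """\
# one entry per line, '#' starts a comment
192.0.2.10
192.0.2.11
192.0.2.10        # duplicate
198.51.100.0/25
198.51.100.128/25
203.0.113.7
bad.example.org
300.1.1.1
"""


def parse_block_list(text):
    """Return (networks, rejected) for an uploaded list of IPv4 entries."""
    networks, rejected = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict parsing: "192.0.2.10/24" is rejected rather than
            # silently widened to the whole /24
            net = ipaddress.IPv4Network(entry)
        except ValueError:
            # hostnames and malformed addresses are reported, not guessed at
            rejected.append((lineno, entry))
            continue
        networks.add(net)
    return networks, rejected


def to_ipf_rules(networks):
    """Merge overlapping/adjacent networks and emit one ipf rule per block."""
    collapsed = ipaddress.collapse_addresses(networks)
    return [f"block in quick from {net} to any" for net in collapsed]


if __name__ == "__main__":
    nets, bad = parse_block_list(SAMPLE_LIST)
    for rule in to_ipf_rules(nets):
        print(rule)
    for lineno, entry in bad:
        print(f"# skipped line {lineno}: {entry!r}")
```

How much merging helps depends on the list: scattered single hosts still cost one rule each, so the concern about rule count in the message remains for lists that do not cluster.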