James W. McKeand wrote:
>Tim Vaughan wrote:
>>Presumably, providing a simple way to edit /etc/hosts directly would
>>be sufficient? I'd like to be able to paste a big list of ad/spyware
>>etc. servers into it.
>If you are talking about blocking IPs/subnets I don't have any good
>ideas. Creating a list of aliases then crafting the firewall rules to
>block traffic to/from these aliases would be a severe burden on your
>m0n0wall and maintenance would be time consuming. Your list of rules
>could be quite long...
yes, I am talking about IPs and subnets. here is a live example of my
@3 block in quick from 220.127.116.11/19 to any group 200
@4 block in quick from 18.104.22.168/14 to any group 200
these two networks (and about 20 others, some as far as /8) I have
identified a couple of months ago as "don't need it", either because one
or more hosts pestered my web server or, in the case of the chinese
subnet, were used for sshd brute force attacks. right now, I am blocking
about 10 networks like this through 10 individual rules. I have seen,
for example in Mndrake MNF, a "configuration page" for such a blacklist,
where the user can simply add unwanted networks and the rules get
automatically generated and don't show up in the normal firewall rules
page, simply for cosmetic reasons - basically separate the config into
two pages, "general sh*tlist hosts/networks" and "relevant rules". Don't
know how to describe it better, the more I think about it, it is a
cosmetic thing to keep the rules page clean and manageable, while being
able to keep unwanted IP blocks out - I don't know anyone in China or
Romania who would have an interest in my little photoalbum on my
You mentioned strain on the firewall, which is a valid point. Is there a
way to quantify processor load for blocking entire subnets?
I might have some spare time coming up the next couple of weekends and
start playing around with the VMWare image to see if I can whip up a
page like that.