|
||||||||||
James W. McKeand wrote: >Tim Vaughan wrote: > > >>Presumably, providing a simple way to edit /etc/hosts directly would >>be sufficient? I'd like to be able to paste a big list of ad/spyware >>etc. servers into it. >> >> > > > > >If you are talking about blocking IPs/subnets I don't have any good >ideas. Creating a list of aliases then crafting the firewall rules to >block traffic to/from these aliases would be a severe burden on your >m0n0wall and maintenance would be time consuming. Your list of rules >could be quite long... > > > > yes, I am talking about IPs and subnets. here is a live example of my status.php: @3 block in quick from 69.46.0.0/19 to any group 200 @4 block in quick from 218.84.0.0/14 to any group 200 these two networks (and about 20 others, some as far as /8) I have identified a couple of months ago as "don't need it", either because one or more hosts pestered my web server or, in the case of the chinese subnet, were used for sshd brute force attacks. right now, I am blocking about 10 networks like this through 10 individual rules. I have seen, for example in Mndrake MNF, a "configuration page" for such a blacklist, where the user can simply add unwanted networks and the rules get automatically generated and don't show up in the normal firewall rules page, simply for cosmetic reasons - basically separate the config into two pages, "general sh*tlist hosts/networks" and "relevant rules". Don't know how to describe it better, the more I think about it, it is a cosmetic thing to keep the rules page clean and manageable, while being able to keep unwanted IP blocks out - I don't know anyone in China or Romania who would have an interest in my little photoalbum on my webserver :) You mentioned strain on the firewall, which is a valid point. Is there a way to quantify processor load for blocking entire subnets? I might have some spare time coming up the next couple of weekends and start playing around with the VMWare image to see if I can whip up a page like that. Thanks Sven > > > |