On 7/27/07, Chris Buechler <cbuechler at gmail dot com> wrote:
> On 7/27/07, Peter Teunissen <lists at onemanifest dot net> wrote:
> > I'd like to block traffic from China, using a zone file from http://
> > www.ipdeny.com/ipblocks/. But in the GUI it's not possible to easily
> > add such a long list of ip ranges. Is there another way to add such a
> > list to m0n0wall, for example by editing the settingsfile and
> > creating an alias for the whole list?
> You can't create aliases of multiple items.
> Your best bet on accomplishing this is likely to backup your config,
> write a script to manually insert all the rules (which will be a TON
> of them) into the config and then restore the changed config.
This is a great question and a good solution. Peter, if you do write a
script to generate the configuration text, perhaps it could be
integrated into m0n0wall to iterate through a carriage return
separated arrays of cidr blocks.
Well, maybe that isn't such a good idea. Would the ip blocks be
inserted into XML one by one, or would it be possible to put them all
into one XML node? I assume it would be faster for the ip blocks to be
in a single node, but that would be more complicated to support.