 From:  "Albert Lash" <albert dot lash at gmail dot com>
 To:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] block using zonefiles
 Date:  Fri, 27 Jul 2007 23:08:13 -0400
On 7/27/07, Chris Buechler <cbuechler at gmail dot com> wrote:
> On 7/27/07, Peter Teunissen <lists at onemanifest dot net> wrote:
> >
> > I'd like to block traffic from China, using a zone file from
> > http://www.ipdeny.com/ipblocks/. But in the GUI it's not possible to easily
> > add such a long list of IP ranges. Is there another way to add such a
> > list to m0n0wall, for example by editing the settings file and
> > creating an alias for the whole list?
> >
> You can't create aliases of multiple items.
> Your best bet on accomplishing this is likely to back up your config,
> write a script to manually insert all the rules (which will be a TON
> of them) into the config and then restore the changed config.

This is a great question and a good solution. Peter, if you do write a
script to generate the configuration text, perhaps it could be
integrated into m0n0wall to iterate through a carriage-return-separated
array of CIDR blocks.

Well, maybe that isn't such a good idea. Would the IP blocks be
inserted into XML one by one, or would it be possible to put them all
into one XML node? I assume it would be faster for the IP blocks to be
in a single node, but that would be more complicated to support.

- Albert
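
The script approach discussed in this thread, as an added example that is not code from the thread or from m0n0wall: it validates a zone file of CIDR blocks, merges adjacent ranges to cut the rule count, and inserts one block rule per range into a backed-up config. The rule element names (`type`, `interface`, `source`/`address`, `destination`/`any`, `descr`) and first-match rule ordering are assumptions to check against your own backup; the zone data and config below are constructed samples.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample zone file: one CIDR block per line (documentation ranges).
SAMPLE_ZONE = """\
# constructed sample
192.0.2.0/25
192.0.2.128/25
198.51.100.0/24

203.0.113.7/24
not-a-cidr
"""

# Constructed minimal config backup; a real backup has many more nodes.
SAMPLE_CONFIG = "<m0n0wall><filter><rule><type>pass</type></rule></filter></m0n0wall>"


def parse_zone(text):
    """Return (collapsed networks, rejected lines) from zone-file text."""
    nets, rejected = [], []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=True rejects entries with host bits set (203.0.113.7/24).
            nets.append(ipaddress.ip_network(line, strict=True))
        except ValueError:
            rejected.append(line)  # report bad input, never write it to config
    # Merging adjacent and overlapping blocks keeps the rule count down.
    return list(ipaddress.collapse_addresses(nets)), rejected


def add_block_rules(config_xml, nets, iface="wan", descr="zone block"):
    """Insert one block rule per network ahead of the existing rules."""
    root = ET.fromstring(config_xml)
    filt = root.find("filter")
    for i, net in enumerate(nets):
        rule = ET.Element("rule")
        ET.SubElement(rule, "type").text = "block"
        ET.SubElement(rule, "interface").text = iface
        src = ET.SubElement(rule, "source")
        ET.SubElement(src, "address").text = str(net)  # assumed element name
        ET.SubElement(ET.SubElement(rule, "destination"), "any")
        ET.SubElement(rule, "descr").text = descr
        filt.insert(i, rule)  # assumes first match wins: block before pass
    return ET.tostring(root, encoding="unicode")
```

Review the rejected list before restoring the generated config, since a malformed line in a downloaded zone file otherwise ends up silently unblocked.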