On 28-jul-2007, at 5:08, Albert Lash wrote:
> On 7/27/07, Chris Buechler <cbuechler at gmail dot com> wrote:
>> On 7/27/07, Peter Teunissen <lists at onemanifest dot net> wrote:
>>> I'd like to block traffic from China, using a zone file from http://
>>> www.ipdeny.com/ipblocks/. But in the GUI it's not possible to easily
>>> add such a long list of ip ranges. Is there another way to add
>>> such a
>>> list to m0n0wall, for example by editing the settingsfile and
>>> creating an alias for the whole list?
>> You can't create aliases of multiple items.
>> Your best bet on accomplishing this is likely to backup your config,
>> write a script to manually insert all the rules (which will be a TON
>> of them) into the config and then restore the changed config.
> This is a great question and a good solution. Peter, if you do write a
> script to generate the configuration text, perhaps it could be
> integrated into m0n0wall to iterate through a carriage return
> separated arrays of cidr blocks.
> Well, maybe that isn't such a good idea. Would the ip blocks be
> inserted into XML one by one, or would it be possible to put them all
> into one XML node? I assume it would be faster for the ip blocks to be
> in a single node, but that would be more complicated to support.
Thanx Chris, I'll look into that.
I'm not sure if the solution I cook up will be useful to m0n0wall,
but It would really be a nice feature to be able to alias whole ip
Another thing I'm curious about is the preformance of such a huge
list of ip's. If I succeed, I'll post my findings.