 From:  Peter Teunissen <lists at onemanifest dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] block using zonefiles
 Date:  Sat, 28 Jul 2007 14:03:21 +0200
On 28-jul-2007, at 5:08, Albert Lash wrote:

> On 7/27/07, Chris Buechler <cbuechler at gmail dot com> wrote:
>> On 7/27/07, Peter Teunissen <lists at onemanifest dot net> wrote:
>>>
>>> I'd like to block traffic from China, using a zone file from
>>> http://www.ipdeny.com/ipblocks/. But in the GUI it's not possible to easily
>>> add such a long list of IP ranges. Is there another way to add such a
>>> list to m0n0wall, for example by editing the settings file and
>>> creating an alias for the whole list?
>>>
>>
>> You can't create aliases of multiple items.
>>
>> Your best bet on accomplishing this is likely to back up your config,
>> write a script to manually insert all the rules (which will be a TON
>> of them) into the config and then restore the changed config.
>
> This is a great question and a good solution. Peter, if you do write a
> script to generate the configuration text, perhaps it could be
> integrated into m0n0wall to iterate through a carriage-return-separated
> array of CIDR blocks.
>
> Well, maybe that isn't such a good idea. Would the IP blocks be
> inserted into XML one by one, or would it be possible to put them all
> into one XML node? I assume it would be faster for the IP blocks to be
> in a single node, but that would be more complicated to support.
>
Thanks Chris, I'll look into that.

I'm not sure if the solution I cook up will be useful to m0n0wall,
but it would really be a nice feature to be able to alias whole IP
lists.

Another thing I'm curious about is the performance of such a huge
list of IPs. If I succeed, I'll post my findings.


Peter
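
The approach suggested in the thread (back up the config, script the block rules into it, restore the result), as an added example that is not part of the original messages or m0n0wall's own code. The `<rule>` element layout and the minimal sample config are assumptions to check against your own config.xml backup, and the sample CIDRs are constructed; adjacent ranges are collapsed first to keep the rule count down.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample zone-file text (documentation ranges, not real ipdeny data).
SAMPLE_ZONE = """# constructed sample
192.0.2.0/25
192.0.2.128/25
198.51.100.0/24
not-a-cidr
203.0.113.0/24
"""
# Constructed minimal config; the element names are an assumed m0n0wall layout.
SAMPLE_CONFIG = ("<m0n0wall><filter><rule><type>pass</type>"
                 "<interface>lan</interface><source><network>lan</network></source>"
                 "<destination><any/></destination></rule></filter></m0n0wall>")


def parse_zone(text):
    """Return validated, collapsed IPv4 networks from zone-file text."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.IPv4Network(entry))
        except ValueError:
            continue  # never copy unvalidated text into the firewall config
    return list(ipaddress.collapse_addresses(nets))


def add_block_rules(config_xml, networks, interface="wan"):
    """Insert one block rule per network ahead of the existing filter rules."""
    root = ET.fromstring(config_xml)
    filt = root.find("filter")
    if filt is None:
        raise ValueError("no <filter> section in config")
    for pos, net in enumerate(networks):
        rule = ET.Element("rule")
        ET.SubElement(rule, "type").text = "block"
        ET.SubElement(rule, "interface").text = interface
        ET.SubElement(ET.SubElement(rule, "source"), "address").text = str(net)
        ET.SubElement(ET.SubElement(rule, "destination"), "any")
        ET.SubElement(rule, "descr").text = "zone block " + str(net)
        filt.insert(pos, rule)  # keeps zone order, placed before existing rules
    return ET.tostring(root, encoding="unicode")
```

Diff the generated file against the backup before restoring it, and keep the untouched backup so the change can be rolled back.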