|
||||||||
On 28-jul-2007, at 5:08, Albert Lash wrote: > On 7/27/07, Chris Buechler <cbuechler at gmail dot com> wrote: >> On 7/27/07, Peter Teunissen <lists at onemanifest dot net> wrote: >>> >>> I'd like to block traffic from China, using a zone file from http:// >>> www.ipdeny.com/ipblocks/. But in the GUI it's not possible to easily >>> add such a long list of ip ranges. Is there another way to add >>> such a >>> list to m0n0wall, for example by editing the settingsfile and >>> creating an alias for the whole list? >>> >> >> You can't create aliases of multiple items. >> >> Your best bet on accomplishing this is likely to backup your config, >> write a script to manually insert all the rules (which will be a TON >> of them) into the config and then restore the changed config. > > This is a great question and a good solution. Peter, if you do write a > script to generate the configuration text, perhaps it could be > integrated into m0n0wall to iterate through a carriage return > separated arrays of cidr blocks. > > Well, maybe that isn't such a good idea. Would the ip blocks be > inserted into XML one by one, or would it be possible to put them all > into one XML node? I assume it would be faster for the ip blocks to be > in a single node, but that would be more complicated to support. > Thanx Chris, I'll look into that. I'm not sure if the solution I cook up will be useful to m0n0wall, but It would really be a nice feature to be able to alias whole ip lists. Another thing I'm curious about is the preformance of such a huge list of ip's. If I succeed, I'll post my findings. Peter |