On Wed, 10 Aug 2016 -0300, Dr. Rolf Jansen wrote: (just curious: whereabouts is -0300? Brazil?)
> > Am 08.08.2016 um 18:46 schrieb Dr. Rolf Jansen <r...@obsigna.com>: >> I am almost finished with preparing the tools for geo-blocking and >> geo-routing at the firewall for submission to the FreeBSD ports. >> I created a man file for the tools, see: >> https://cyclaero.github.io/ipdb/, and I added the recent suggestions >> on rule number/action code per country code, namely, I changed the >> formula for the x-flag to the suggestion of Ian (value = offset + >> ((C1 - 'A')*26 + (C2 - 'A'))*10), and I added the idea of directly >> assigning a number to a country code in the argument for the t-flag >> ("CC=nnnnn:..."). Furthermore, I removed the divert filter daemon >> from the Makefile. The source is still on GitHub, though, and can be >> re-vamped if necessary. Now I am going to prepare the Makefile for >> the port. Terrific work, Rolf! Something for everyone, although I'm guessing the pf people are going to want a piece of the action, if they need any more than the -p option and a bit of scripting. > I just submitted a PR asking to add the new port 'sysutils/ipdbtools'. > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211744 Wonderful. > I needed to change the name of the geoip tool, because GeoIP® is a > registered trademark of MaxMind, Inc., see www.maxmind.com. The name I did wonder about that .. > of the tool is now 'ipup' = abbreviated form of IP geo location table > generation and look- UP , that is without the boring middle part :-D > > Those, who used geoip already in some scripts, please excuse the > inconvenience of needing to change the name. > With the great help of Julian, I was able to improve the man file and > the latest version can be read online: > > https://cyclaero.github.io/ipdb/ Nice manual and all. A few typos noted below (niggly Virgo proofreader) I must apologise for added exasperation earlier. I was tending towards conflating several other ipfw issues under discussion (named states, new state actions, and this). Sorry if I bumped you off course momentarily, though I don't seem to have slowed you down too much .. As a hopefully not unwelcome aside, it's a pity that IBM, of all people, couldn't manage geo-blocking successfully for the Australian Census the other night. Next time around we can offer them a working geo-blocking firewall/router for a good deal less than the AU$9.6M we've paid IBM :) Census: How the Government says the website meltdown unfolded: http://www.abc.net.au/news/2016-08-10/census-night-how-the-shambles-unfolded/7712964 A more tech-savvy article than ABC or other news media managed so far: https://www.theguardian.com/australia-news/2016/aug/10/computer-says-no-australian-census-shambles-explanation-depends-on-who-you-ask cheers, Ian ======= It is suitable for inclusion into cron. "for invocation by cron" maybe? ipdb_update.sh has IPRanges="/usr/local/etc/ipdb/IPRanges" but some (not all) mentions in the manpage use "IP-Ranges" with a hyphen, including the FILES section. Also the last one there repeats "*bst.v4" for IPv6. It's not quite clear how to specify an 'empty CC list'? ''? ""? either? "from certain [countries?] we don't like .." "piped into sort of [or?] a pre-processing command .." ======= _______________________________________________ freebsd-ipfw@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"