I guess the referrer has to match. Otherwise they serve an empty file. I wouldn't distribute the files but rather let Chef download them. Not sure if that's the same thing though and would also fall under that restriction.
Cheers, Sebastian > On 18.07.2014, at 21:41, M <sysad...@tricubemedia.com> wrote: > > Well, maybe we cant: > > “ > YOU MAY NOT RE-DISTRIBUTE OUR IP ZONE FILES. HOWEVER, YOU CAN LINK TO > OUR IP COUNTRY ZONE FILES FOLDER ACCESSABLE AT > http://www.ipdeny.com/ipblocks/data/countries, BUT NOT TO THE > FILES DIRECTLY, UNLESS YOU COMPLY WITH FAIR USAGE LIMITS POLICY. > “ > Also ,I found their zip file of all zones to be zero bytes. > > Dave M > > On 7/18/2014 12:59 PM, Me wrote: >> I also downloaded their tar file, of all the countries IP`s, >> Just wondering, maybe I will look at modifying the script, so it looks on >> local drive for “ DLROOT” >> instead of trolling their website, as I used to use this a long time ago, >> and found many of the files inside the tar to be zero bytes. >> >> >> Will let everyone know what I find. >> >> Dave M >> >> From: Sebastian Grewe >> Sent: Friday, July 18, 2014 12:43 AM >> To: qmailtoaster-list@qmailtoaster.com >> Subject: Re: [qmailtoaster] Firewall >> >> Yeah I saw that tar file they offer. I wanted to use it with chef and just >> feed shorewall some include files. Will see how it goes. >> >> Cheers, >> Sebastian >> >> On 17.07.2014, at 22:48, M <sysad...@tricubemedia.com> wrote: >> >>> Shorewall firewall is based on iptables so it should work. >>> and this script gets its data from : >>> DLROOT="http://www.ipdeny.com/ipblocks/data/countries"; >>> >>> Dave M >>> >>>> On 7/17/2014 10:28 AM, Sebastian Grewe wrote: >>>> Hey Dave, >>>> >>>> That's one great script there. I will have to check for that ipdeny.com >>>> list - maybe I can also add it to shorewall somehow. >>>> >>>> Cheers, >>>> Sebastian >>>> >>>> On 16.07.2014, at 21:02, M <sysad...@tricubemedia.com> wrote: >>>> >>>>> Hi list, recently i had a request for a VM for one of our qmailers. >>>>> >>>>> Subsequently , after deployment, we found the VM to be compromised, so >>>>> hackers got in before I could secure the qmail VM. >>>>> >>>>> I rebuilt the VM, and added " My " firewall rules , and sent it off >>>>> again. No probs this time. >>>>> I was asked if they could share the firewall rules, No probs, but I >>>>> looked for a way to block by country. >>>>> >>>>> Here is what I found, and modified for our qmail needs ( rules etc ) >>>>> Thanks go to the original script writer, I merely modified it. >>>>> >>>>> Firewall script , so you can block specific countries, eg China ( ISO cn >>>>> ) working as of July 16th 2014 >>>>> >>>>> ***No offense meant to any countries listed here, for demo purposes >>>>> only*** >>>>> >>>>> Do a ISO country code look up for your needs >>>>> >>>>> Tested on qmail-Centos5, and qmail-Centos6. >>>>> >>>>> Should work an other iptables type firewalls >>>>> >>>>> Install & Setup. >>>>> *** Backup your existing firewall script. *** >>>>> Centos5 qmail install ( cp /etc/rc.d/firewall.ruleset >>>>> /etc.rc.d/firewall.org ) >>>>> Centos6 qmail install ( cp /etc/sysconfig/iptables >>>>> /etc/sysconfig/iptables.org ) >>>>> >>>>> copy script to your server, make executable ( chmod +x country_block.sh ) >>>>> Edit file, and modify to your needs. >>>>> specific areas >>>>> ISO="af cn kr" >>>>> # Set your own ports you need , these are set for a standard qmail >>>>> install..remove 3306 if you dont do database sync`s >>>>> ALLOWPORTS=22,25,80,110,143,443,465,587,993,995,3306 >>>>> #Set your subnet >>>>> ALLOWSUBNET=192.168.0.0/255.255.0.0 >>>>> >>>>> >>>>> Run script >>>>> ./country_block.sh >>>>> Wait until complete. >>>>> check it added the rules, iptables -L -n, you should see a whole bunch >>>>> of " countrydrop " lines >>>>> >>>>> Centos 5 Qmail installs >>>>> Save iptables to your /etc/rc.d/firewall.ruleset >>>>> /sbin/iptables-save > /etc/rc.d/firewall.ruleset >>>>> >>>>> Stop and start firewall >>>>> firewall down >>>>> firewall up >>>>> Check again iptables -L -n >>>>> >>>>> Centos 6 Qmail installs >>>>> Save iptables to your /etc/sysconfig/iptables >>>>> /sbin/iptables-save > /etc/sysconfig/iptables >>>>> >>>>> Some say this may cause slowness on the email server, I have not found >>>>> that to be the case. >>>>> Based on " My ruleset " ( thousands of entries ) I have been running the >>>>> rules for years. >>>>> >>>>> Dave M >>>>> <country_block.sh> >>>>> --------------------------------------------------------------------- >>>>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com >>>>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com >
