Best way that I could imagine would be to use the bogon's list. Either manually or figure out how to get pfSense to update it manually. In this case one of your bogon's would be network blocks from China. Not 100% fool proof but it's a good start I think. Maybe a snort rule would do as well.
Curtis LaMasters http://www.curtis-lamasters.com http://www.builtnetworks.com On Mon, Feb 1, 2010 at 4:36 PM, Michel Servaes <mic...@mcmc.be> wrote: > Would there be an easy option to block or allow a certain country to a > pfSense box ? > > Let's assume that I don't want any Korean traffic on my pfSense... or China. > As I see that most attempts to the firewall (blocked ones, so not really an > issue) are from chinese ip's... I was wondering, if I could add something > from the "blockacountry.com" site to my rules to completely reject any > request coming from china. > > Or just redirect them to a "honeypot" - that would just show an HTTP page... > (a friendly one :-)) > > I guess manually editing the config.xml would be the only way for now ? > > Kind regards, > Michel > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
