Blocking address ranges to a public address

Anders Fugmann email hidden
Mon Feb 10 15:14:04 CET 2003

William Hamilton wrote:
> We have a client request to host some machines for them but they do not
> want to pay for international traffic (traffic in NZ is expensive
> still).  We are able to get a list of NZ address ranges from
> is there a way with FIAIF to read this
> list of ranges and block non listed.  This is only for one IP Address on
> a /28 subnet.
No. The only possibility is to write a script that enters rules into the 

iptables -N ALLOW
iptables -J ALLOW
iptables -A ALLOW -d -j RETURN
iptables -A ALLOW -d -j RETURN
iptables -A ALLOW -j LOG_DROP

This will drop all requests going out to zone EXT whose destination IP 
is not listed above. All other packets are processed by FIAIF as usual.

It should be possible to create a script that retrieves the files and parses 

Anders Fugmann
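
One way to write the script suggested in the reply above, as an added example that is not part of the original post or of FIAIF: it reads a list of ranges, validates each entry, and prints the iptables commands for the `ALLOW` chain instead of running them. The list format (one CIDR per line, `#` comments), the `FORWARD` hook chain, the `-s` match on the hosted machine and the sample addresses are assumptions.

```shell
#!/bin/sh
CHAIN=ALLOW            # chain name used in the post
FINAL_TARGET=LOG_DROP  # drop target used in the post
HOOK_CHAIN=FORWARD     # assumption: chain the hosted machine's outbound traffic passes through

# valid_cidr A.B.C.D/N: succeed only for four octets 0-255 and a prefix 0-32.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# gen_rules HOST_IP < list: print the commands; entries that fail validation are skipped.
gen_rules() {
    host=$1 rules=''
    valid_cidr "$host/32" || { echo "bad host address: $host" >&2; return 1; }
    while read -r range rest || [ -n "$range" ]; do
        case "$range" in ''|'#'*) continue ;; esac
        if valid_cidr "$range"; then
            rules="${rules}iptables -A $CHAIN -d $range -j RETURN
"
        else
            echo "skipping invalid entry: $range" >&2
        fi
    done
    # An empty or failed download would otherwise drop all traffic from the host.
    [ -n "$rules" ] || { echo "no valid ranges, nothing emitted" >&2; return 1; }
    printf 'iptables -N %s\n%s' "$CHAIN" "$rules"
    echo "iptables -A $CHAIN -j $FINAL_TARGET"
    # Hook the chain last, so traffic only enters it once it is complete.
    echo "iptables -I $HOOK_CHAIN -s $host -j $CHAIN"
}

# Constructed sample list (documentation ranges, not real NZ allocations).
SAMPLE='# constructed sample
192.0.2.0/24
198.51.100.0/25
not-a-range
203.0.113.0/33'
printf '%s\n' "$SAMPLE" | gen_rules 203.0.113.5
```

Review the printed commands before piping them to a root shell; the two malformed sample entries are reported on stderr and produce no rule.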

