Blocking address ranges to a public address

Anders Fugmann email hidden
Mon Feb 10 15:14:04 CET 2003


William Hamilton wrote:
> We have a client request to host some machines for them but they do not
> want to pay for international traffic (traffic in NZ is expensive
> still).  We are able to get a list of NZ address ranges from
> http://ftp.apnic.net/stats/apnic/ is there a way with FIAIF to read this
> list of ranges and block non listed.  This is only for one IP Address on
> a /28 subnet.
No. The only possibility is to write a script that enters rules into the 
USER_FORWARD_EXT. e.g.:

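# Create the ALLOW chain and jump to it from FIAIF's USER_FORWARD_EXT chain
iptables -N ALLOW
iptables -A USER_FORWARD_EXT -j ALLOW
# One RETURN rule per permitted destination
iptables -A ALLOW -d 1.2.3.4 -j RETURN
iptables -A ALLOW -d 5.6.7.8 -j RETURN
.
.
# Anything not listed above is logged and dropped
iptables -A ALLOW -j LOG_DROP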


This will drop all requests going out to zone EXT whose destination IP 
is not listed above. All other packets are processed by FIAIF as usual.

It should be possible to create a script that retrieves the files and parses 
them.

Regards
Anders Fugmann
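
Added example, not part of the original post or of FIAIF: a sketch of the parsing script the reply suggests, turning APNIC delegated-stats records into the ALLOW chain rules shown above. The sample records are constructed (documentation address ranges), the function names are hypothetical, and hooking the chain from USER_FORWARD_EXT is an assumption based on the reply's wording.

```python
import ipaddress

# Constructed sample in the APNIC delegated-stats format:
# registry|cc|type|start|value|date|status  (for ipv4, value = address count)
SAMPLE = """\
2|apnic|20030210|3|19830101|20030209|+1000
# constructed records, documentation ranges only
apnic|*|ipv4|*|3|summary
apnic|NZ|ipv4|192.0.2.0|256|20030101|allocated
apnic|AU|ipv4|198.51.100.0|256|20030101|allocated
apnic|NZ|ipv4|203.0.113.0|192|20030101|assigned
apnic|NZ|ipv6|2001:db8::|32|20030101|allocated
apnic|NZ|asn|64512|1|20030101|allocated
"""


def nz_networks(text, country="NZ"):
    """Return the IPv4 networks delegated to `country` as CIDR blocks."""
    nets = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        f = line.split("|")
        # Skips the version header, summary lines, other countries, ipv6, asn.
        if len(f) < 7 or f[1] != country or f[2] != "ipv4":
            continue
        if f[6] not in ("allocated", "assigned"):
            continue
        # IPv4Address() and int() raise on malformed fields, so nothing from
        # the downloaded file reaches a command line unvalidated.
        first = ipaddress.IPv4Address(f[3])
        last = first + (int(f[4]) - 1)
        # The count need not be a power of two: 192 addresses = /25 + /26.
        nets.extend(ipaddress.summarize_address_range(first, last))
    return list(ipaddress.collapse_addresses(nets))


def allow_rules(networks, chain="ALLOW", hook="USER_FORWARD_EXT"):
    """Build the iptables commands: RETURN for listed ranges, LOG_DROP otherwise."""
    rules = [f"iptables -N {chain}", f"iptables -A {hook} -j {chain}"]
    rules += [f"iptables -A {chain} -d {n} -j RETURN" for n in networks]
    rules.append(f"iptables -A {chain} -j LOG_DROP")
    return rules


if __name__ == "__main__":
    print("\n".join(allow_rules(nz_networks(SAMPLE))))
```

Review the generated commands before loading them; an empty or truncated download would otherwise leave a chain that drops everything.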



