Blocking address ranges to a public address

William Hamilton email hidden
Tue Feb 11 00:30:00 CET 2003


Thanks, I  will check on writing script.

cheers

William

On Tue, 2003-02-11 at 03:14, Anders Fugmann wrote:
> William Hamilton wrote:
> > We have a client request to host some machines for them but they do not
> > want to pay for international traffic (traffic in NZ is expensive
> > still).  We are able to get a list of NZ address ranges from
> > http://ftp.apnic.net/stats/apnic/ is there a way with FIAIF to read this
> > list of ranges and block non listed.  This is only for one IP Address on
> > a /28 subnet.
> No. The only posibility is to write a script that enters rules into the 
> USER_FORWARD_EXT. e.g:
> 
> iptables -N ALLOW
> iptables -J ALLOW
> iptables -A ALLOW -d 1.2.3.4 -j RETURN
> iptables -A ALLOW -d 5.6.7.8 -j RETURN
> .
> .
> iptables -A ALLOW -j LOG_DROP
> 
> 
> This will drop all requests going out to zone EXT those destination ip 
> is not listed above. All other packets are processed by FIAIF as usual.
> 
> It sould be possible create a script that retrieves the files and parses 
> them.
> 
> Regards
> Anders Fugmann
> 
> _______________________________________________
> Fiaif mailing list
> Fiaif at fugmann.dhs.org
> https://fiaif.fugmann.dhs.org/mailman/listinfo/fiaif
-- 
William Hamilton

TheVirtual Ltd                  Voice:  +64 4 3810956
Wellington, New Zealand         Mobile: +64 21 650936
william at thevirtual.co.nz        www.thevirtual.co.nz

Making Virtual Business Reality




More information about the fiaif mailing list