[geeks] .hk, .cn, .info considered harmful

Jonathan C. Patschke jp at celestrion.net
Thu Jun 5 08:53:30 CDT 2008


On Thu, 5 Jun 2008, Phil Stracchino wrote:

> Problem:  What netblocks to actually block.  I managed to find one site
> offering a list of .cn and .hk netblocks; the combined total is over
> 10k, gzipped.  There's got to be a better solution than that.

Possibly not.  You can set up pf to use tables that reference external
files.  This method is reasonably efficient.  I'd be shocked if the pf
code iterates through every entry in the tables for each packet; I'd assume
that the table data is hashed somehow to minimize excessive compares.

So, you could have something like:
    table <china> persist file "/etc/CN-cidr.txt"
    table <hongkong> persist file "/etc/HK-cidr.txt"

    block in on ext from { <china>, <hongkong> } to any port 25

pf makes it easy to keep huge rules nice and tidy.

I might actually set that up when I get home today.  I have a
hand-hacked set of netblocks that I'd looked up over time, but having
the entire country blocked would probably lessen the load I put on
spamassassin.

-- 
Jonathan Patschke | "There is more to life than increasing its speed."
Elgin, TX         |                                   --Mahatma Gandhi
USA               |
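An added example, not part of the original message and not pf's own code: it reads CIDR lists in the one-entry-per-line format that `table <name> persist file "..."` consumes, collapses adjacent and overlapping prefixes (which is usually the first way to shrink a 10k-line country list), and answers membership with one hash lookup per prefix length rather than one comparison per entry. pf itself keeps tables in a radix tree, so its lookup cost likewise does not grow with table size; the hash-per-prefix-length structure here is a stand-in that shows the same property. The sample list, the file names and the `PrefixSet` class are constructed for the example, and it handles IPv4 only.

```python
"""Parse pf-style table files, collapse them, and test membership without
scanning every entry (IPv4 only, as in the country lists under discussion)."""
import ipaddress
from typing import Dict, Iterable, List, Set

# Constructed sample in the line-oriented format pf table files use
# (one address or network per line, '#' comments allowed). These are
# documentation prefixes, not real country allocations.
SAMPLE_CN_FILE = """\
# constructed sample, not real allocations
203.0.113.0/25
203.0.113.128/25
198.51.100.0/24
198.51.100.64/26    # already covered by the /24 above
203.0.113.9         # bare host, treated as /32 as pf would
"""


def parse_table_file(text: str) -> List[ipaddress.IPv4Network]:
    """One entry per line; blanks and '#' comments are ignored; a bare
    address becomes a /32. Host bits in a prefix are masked off rather
    than rejected."""
    nets: List[ipaddress.IPv4Network] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        net = ipaddress.ip_network(line, strict=False)
        if net.version != 4:
            raise ValueError(f"IPv4 only in this example: {line}")
        nets.append(net)
    return nets


def collapse(nets: Iterable[ipaddress.IPv4Network]) -> List[ipaddress.IPv4Network]:
    """Merge overlapping and adjacent prefixes into the smallest
    equivalent list; the result is sorted by network address."""
    return list(ipaddress.collapse_addresses(nets))


class PrefixSet:
    """Membership test in at most 33 hash lookups (one per prefix length
    present) instead of one comparison per entry, so a 10k-entry list
    costs the same per packet as a 10-entry one."""

    def __init__(self, nets: Iterable[ipaddress.IPv4Network]) -> None:
        # prefix length -> set of network addresses (as integers) at that length
        self.by_len: Dict[int, Set[int]] = {}
        for n in nets:
            self.by_len.setdefault(n.prefixlen, set()).add(int(n.network_address))
        # longest prefixes first, so the first hit is the most specific match
        self.lengths = sorted(self.by_len, reverse=True)

    def __contains__(self, addr: str) -> bool:
        a = int(ipaddress.IPv4Address(addr))
        for plen in self.lengths:
            mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF
            if (a & mask) in self.by_len[plen]:
                return True
        return False


def render_table_file(nets: Iterable[ipaddress.IPv4Network]) -> str:
    """Write the collapsed list back out in the format pf reads."""
    return "".join(f"{n}\n" for n in nets)


if __name__ == "__main__":
    raw = parse_table_file(SAMPLE_CN_FILE)
    small = collapse(raw)
    print(f"{len(raw)} entries collapsed to {len(small)}")
    print(render_table_file(small), end="")
    blocked = PrefixSet(small)
    for ip in ("203.0.113.77", "198.51.100.200", "192.0.2.1"):
        print(ip, "blocked" if ip in blocked else "allowed")
```

The collapsed output is what you would write to `/etc/CN-cidr.txt` before `pfctl -t china -T replace -f /etc/CN-cidr.txt` (or a reload of pf.conf); pf accepts the uncollapsed list too, but a merged list is easier to audit and diff when the upstream source changes.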
