Importing IP ranges into tables with pfctl - BSD


  1. Importing IP ranges into tables with pfctl

    Hi all,

    I'm trying to import IP ranges from http://lists.blocklist.org into
    pf tables. They keep a list of known spammers, P2P industry watchdogs,
    phishers, spyware companies, etc.

    However, pfctl cannot import IP ranges into tables, although it accepts
    CIDR notation. I've tried Perl and Python modules to convert the IP
    ranges into CIDR notation but it is never exact.

    One solution that I tried was to expand out the IP ranges. However, for
    one list, it resulted in an 85+ MB text file, which took forever to
    generate. I don't know what the eventual size would have been since my
    root partition ran out of space (probably not a good thing).

    Is there an elegant solution to this or should I just be resigned to some
    collateral blocking by pf?

    Thanks all.

  2. Re: Importing IP ranges into tables with pfctl

    Johnny Kim writes:

    > Is there an elegant solution to this or should I just be resigned to some
    > collateral blocking by pf?


    the problem sounds similar to what Henrik Gustafsson's tableutil
    (http://expiretable.fnord.se/#tableutil) was intended to solve.

    So have a look; if tableutil needs to be modified to process your data,
    I'm sure Henrik is interested in hearing from you.

    --
    Peter N. M. Hansteen, member of the first RFC 1149 implementation team
    http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
    "First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
    20:11:56 delilah spamd[26905]: 146.151.48.74: disconnected after 36099 seconds.

  3. Re: Importing IP ranges into tables with pfctl

    Begin
    On 2006-04-12, Johnny Kim wrote:
    > However, pfctl cannot import IP ranges into tables, although it accepts
    > CIDR notation. I've tried Perl and Python modules to convert the IP
    > ranges into CIDR notation but it is never exact.


    Ranges can easily encompass multiple CIDR blocks. As long as you accept
    that, it can be done accurately.


    > One solution that I tried was to expand out the IP ranges.


    Then aggregate into CIDR blocks. If you can't find anything else, drop
    me a note: I wrote one such aggregator thing myself.


    > [...] or should I just be resigned to some collateral blocking by pf?


    That'd be downright silly.


    --
    j p d (at) d s b (dot) t u d e l f t (dot) n l .
    This message was originally posted on Usenet in plain text.
    Any other representation, additions, or changes do not have my
    consent and may be a violation of international copyright law.

  4. Re: Importing IP ranges into tables with pfctl

    On Wed, 12 Apr 2006 01:25:18 -0700 in Johnny Kim wrote:
    > Is there an elegant solution to this or should I just be resigned to some
    > collateral blocking by pf?


    Tried a freshmeat search for 'aggregate'?

    Here is the third hit which looks promising.

    http://www.vergenet.net/linux/aggregate/

    It appears you can even tell it to do collateral damage or not :-).


    --
    Chris Dukes
    < tajwerk> this job isnt bad though. Today we had free breakfast and
    B0rg implants.

  5. Re: Importing IP ranges into tables with pfctl

    On Wed, 12 Apr 2006 11:40:00 +0200, Peter N. M. Hansteen wrote:

    > Johnny Kim writes:
    >
    >> Is there an elegant solution to this or should I just be resigned to some
    >> collateral blocking by pf?

    >
    > the problem sounds similar to what Henrik Gustafsson's tableutil
    > (http://expiretable.fnord.se/#tableutil) was intended to solve.
    >
    > So have a look; if tableutil needs to be modified to process your data,
    > I'm sure Henrik is interested in hearing from you.


    I think this is what I'm looking for. By reading his website, tableutil
    was designed to work with PeerGuardian (which is made by the folks at
    blocklists.org). Thanks for the information. I wish pfctl would accept
    ranges natively but until they add that feature, I guess I can go with
    tools like this.

  6. Re: Importing IP ranges into tables with pfctl

    On Wed, 12 Apr 2006 15:19:35 +0000, ? wrote:

    > Tried a freshmeat search for 'aggregate'?
    >
    > Here is the third hit which looks promising.
    >
    > http://www.vergenet.net/linux/aggregate/
    >
    > It appears you can even tell it to do collateral damage or not :-).


    Thanks for the information. I know what I want to do, I just didn't know
    the proper word for it: aggregate, =). It'll help me research a solution.
    Thanks again guys.
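
The exact range-to-CIDR conversion discussed in this thread (one range may need several CIDR blocks, but the cover has no collateral addresses), as an added example that is not code from any poster or from tableutil or aggregate. The `label:start-end` line layout, the function names and the sample data are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample input (documentation address space) in an assumed
# "label:start-end" layout; adjust parse_line() to the real list format.
SAMPLE = """\
# constructed sample
Example Org A:192.0.2.5-192.0.2.130
Example Org B:192.0.2.128-192.0.2.255
Example Org C:198.51.100.0-198.51.100.255
"""

def parse_line(line):
    """Return (start, end) as integers, or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    rng = line.rsplit(":", 1)[-1]  # the label itself may contain ':'
    start, end = (int(ipaddress.IPv4Address(p.strip())) for p in rng.split("-"))
    if start > end:
        raise ValueError(f"reversed range: {line!r}")
    return start, end

def merge(ranges):
    """Merge overlapping or adjacent ranges so the CIDR output stays small."""
    merged = []
    for start, end in sorted(ranges):
        if merged and start <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], end)
        else:
            merged.append([start, end])
    return merged

def range_to_cidrs(start, end):
    """Exact cover: repeatedly take the largest aligned block that still fits."""
    out = []
    while start <= end:
        # Block size is limited by the alignment of start (its lowest set bit)
        align = start & -start if start else 1 << 32
        # and by the number of addresses remaining in the range.
        size = min(align, 1 << ((end - start + 1).bit_length() - 1))
        out.append(f"{ipaddress.IPv4Address(start)}/{32 - (size.bit_length() - 1)}")
        start += size
    return out

def blocklist_to_table(text):
    """Turn the whole list into CIDR lines, one per table entry."""
    ranges = [r for r in map(parse_line, text.splitlines()) if r]
    return [c for s, e in merge(ranges) for c in range_to_cidrs(s, e)]

if __name__ == "__main__":
    print("\n".join(blocklist_to_table(SAMPLE)))
```

The output is one CIDR block per line, which is the form a pf table file takes; it can be loaded with `pfctl -t <table> -T replace -f <file>`.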
