An idea is to get a BGP feed from your ISP and use something like this (I
use FreeBSD, so ipfw in my case; however, you could use it for a .htaccess or
anything).
Once your BGP is established, run:
vtysh -e "show ip bgp" > /root/scripts/bgproutes.txt
################
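#!/bin/sh
# Take column 2 of the saved "show ip bgp" output, skip the default route,
# 127.0.0.1 and anything that is not a dotted-quad prefix, then add one
# deny rule per prefix.
for i in `cat /root/scripts/bgproutes.txt | grep -v 0.0.0.0 |
    awk '{print($2)}' | grep -v "127.0.0.1" | grep -v "1996-200" |
    grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+'` ; do
    ipfw add 01002 deny ip from "$i" to any in
done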
################
With a few changes of the above script you could get a .htaccess file in the
below format:
<Limit GET POST>
order deny,allow
deny from all
allow from $i
</Limit>
Barry
----- Original Message -----
From: "Liz Q"
On Thu, 30 Jun 2005 09:00, James J. Guidera wrote:
Just a quick question,
Is there a singular complete list of NZ IP ranges? I am wanting to allow only NZ traffic access to servers.
/usr/bin/wget ftp://ftp.apnic.net/pub/apnic/dbase/data/country-ipv4.lst -O /tmp/country-ipv4.lst
# ${IPTABLES} and the INETIN/TCPACCEPT chains are not defined in this excerpt
for NZIP in `cat /tmp/country-ipv4.lst |grep nz | awk '{print $5}'` ; do
    echo Allowing ${NZIP}
    ${IPTABLES} -t filter -A INETIN -p tcp --sport 20 --dport 1024:65535 -s $NZIP -j TCPACCEPT
done
Probably an easier way to do it somewhere, but that works for me ;]
Liz
Thanks
James Guidera
Systems Engineer
Miracle Electronics Ltd
Ph:+64-4-385-1293
Cel: +64-21-705-614
-- It's been discovered that research causes cancer in rats.
_______________________________________________
NZNOG mailing list
NZNOG(a)list.waikato.ac.nz
http://list.waikato.ac.nz/mailman/listinfo/nznog
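
The BGP-to-.htaccess conversion suggested in the reply, as an added example that is not part of the original thread: it validates each column-2 value as an IPv4 prefix before writing it into the config, so header lines and malformed entries never reach the allow-list. The function names and the SAMPLE routing table (documentation prefixes) are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn saved "show ip bgp" output into the .htaccess allow-list.
# SAMPLE is constructed test data (documentation prefixes), not real routes.
SAMPLE='BGP table version is 0, local router ID is 192.0.2.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
   Network          Next Hop            Metric LocPrf Weight Path
*> 0.0.0.0          192.0.2.254              0             0 64500 i
*> 198.51.100.0/24  192.0.2.254              0             0 64500 i
*> 203.0.113.0/25   192.0.2.254              0             0 64500 64501 i
*> 203.0.113.999/24 192.0.2.254              0             0 64500 i
*  198.51.100.0/24  192.0.2.253              0             0 64502 i
Total number of prefixes 4'

# Read routing-table text on stdin; print each unique, well-formed IPv4
# prefix from column 2. Default route and 127/8 are skipped, as in the
# script above. Anything else (headers, bad octets, stray text) is dropped.
extract_prefixes() {
    awk '
    function valid(p,   parts, o, n, i) {
        n = split(p, parts, "/")
        if (n > 2) return 0
        if (n == 2 && (parts[2] !~ /^[0-9]+$/ || parts[2] + 0 > 32)) return 0
        if (split(parts[1], o, ".") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
        return parts[1] != "0.0.0.0" && o[1] + 0 != 127
    }
    valid($2) && !seen[$2]++ { print $2 }'
}

# Read routing-table text on stdin; write the <Limit> block on stdout.
make_htaccess() {
    echo "<Limit GET POST>"
    echo "order deny,allow"
    echo "deny from all"
    extract_prefixes | while read -r net; do
        echo "allow from $net"
    done
    echo "</Limit>"
}

# Usage: printf '%s\n' "$SAMPLE" | make_htaccess > .htaccess
```

The same `extract_prefixes` filter can feed the ipfw loop in place of the grep chain.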