Shorewall Question
Gerald Combs
gerald at zing.org
Fri Aug 13 13:17:48 CDT 2004
Michael Pratt wrote:
> I want to block the entire Asian Pacific Network from my network. The
> reason is I keep getting virus attachments from this network and
> attempted relays from this nettork. This is the info.
Are you sure you want to block _every_ APNIC address? This means
blocking 13 /8s plus a bunch of lesser allocations, which comes to about
about 9-10% of the presently allocated IPv4 space:
http://www.iana.org/assignments/ipv4-address-space
It also means blocking traffic from Australia, India, Japan, New
Zealand, and a pile of other countries:
http://www.apnic.net/info/faq/apnic_faq/about_apnic.html#4
You may want to point your mail server at one of the many RBL/DUL
services instead. They offer much finer-grained filtering, you're less
likely to block legitimate sites, and you'll catch relays in other
regions of the world as well.
More information about the Kclug
mailing list