| 1 |
On 2017-10-04 17:21, Alan McKinnon wrote: |
| 2 |
|
| 3 |
> I'd suggest you use a packet filter, but not on Linux and certainly not |
| 4 |
> iptables. That thing is a god-awful mess looking like it was built by |
| 5 |
> unsupervised schoolkids masquerading as internes. The best tool for this |
| 6 |
> is the pf packet filter, but it runs on FreeBSD. Get yourself a spare |
| 7 |
> machine, load pfsense on it (it's an appliance like wrt) and drop the |
| 8 |
> traffic from all offensive addresses. Drop, not reject. |
| 9 |
|
| 10 |
FWIW, I have considered doing what you suggest here, but the problem |
| 11 |
with pfsense (and its fork opnsense as well) is it only runs on x86; I |
| 12 |
think one of them won't even run on amd64, or perhaps the other way |
| 13 |
around. But definitely no arm at cetera, so you can't install them on a |
| 14 |
Pi or something. |
| 15 |
|
| 16 |
-- |
| 17 |
Please don't Cc: me privately on mailing lists and Usenet, |
| 18 |
if you also post the followup to the list or newsgroup. |
| 19 |
Do obvious transformation on domain to reply privately _only_ on Usenet. |
Archives