On 2017-10-04 17:21, Alan McKinnon wrote:

> I'd suggest you use a packet filter, but not on Linux and certainly not
> iptables. That thing is a god-awful mess looking like it was built by
> unsupervised schoolkids masquerading as internes. The best tool for this
> is the pf packet filter, but it runs on FreeBSD. Get yourself a spare
> machine, load pfsense on it (it's an appliance like wrt) and drop the
> traffic from all offensive addresses. Drop, not reject.

FWIW, I have considered doing what you suggest here, but the problem
with pfsense (and its fork opnsense as well) is it only runs on x86; I
think one of them won't even run on amd64, or perhaps the other way
around. But definitely no arm et cetera, so you can't install them on a
Pi or something.

--
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
Do obvious transformation on domain to reply privately _only_ on Usenet.