Roger Price wrote:
On 2017-04-12 18:34, Per Jessen wrote:
Yes, that is due to incorrect or missing whois information for the subnets involved. Or that wherever xtables gets the information is flawed or outdated.
The subnets change all the time. To get up-to-date data you need to go to a subscription service.
Well, the data is out there and available for free. At maxmind for instance. It isn't overly complicated retrieving the data from router tables and whois information, it's all publicly available.
It seems to me that geoip is re-inventing the wheel. Blocking country CC by subnet is best done by taking country subnet specifications from say ipverse.net/ipblocks/data/countries/CC.zone and loading them into hash:net ipsets. Performance is O(1). Can geoip do better?
The tables for xtables-geopi are split by some criteria, the loading into kernel space and the lookups are apparently very efficient. -- Per Jessen, Zürich (11.2°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org