You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
One could do it by loading a heavy list of IP blocks from a GeoIP database or ripedatabase inside a firewall brick but that would not be optimized.
Instead, we could create a dedicated GeoIP brick which only accept or reject packets which are located in a specific geographic zone. This is mainly a specialized stateless firewall which only filter a pre-defined list of IP.
This could be done by only loading in ram all IP corresponding to a specific geolocation passed at brick initialization. Something like:
Implementation could be studied more in depth. One idea would be to only store corresponding IPs a binary tree to speed up resolution. Bloom filter usage would also be meaningful here.
The text was updated successfully, but these errors were encountered:
Filtering IP depending on a geographic zone.
One could do it by loading a heavy list of IP blocks from a GeoIP database or ripe database inside a firewall brick but that would not be optimized.
Instead, we could create a dedicated GeoIP brick which only accept or reject packets which are located in a specific geographic zone. This is mainly a specialized stateless firewall which only filter a pre-defined list of IP.
This could be done by only loading in ram all IP corresponding to a specific geolocation passed at brick initialization. Something like:
Implementation could be studied more in depth. One idea would be to only store corresponding IPs a binary tree to speed up resolution. Bloom filter usage would also be meaningful here.
The text was updated successfully, but these errors were encountered: