pf rules to allow tlds

Gergely CZUCZY phoemix at harmless.hu
Sun Jan 14 09:35:01 UTC 2007


On Sun, Jan 14, 2007 at 12:31:58PM +0300, Abdullah Al-Marrie wrote:
> I couldn't find accurate info about the cidrs in the net, beside they
> are changing from time to time, I wish I could use domains, if this is
> an option please let me know :)
You cannot use domains; there are several reasons for that:
1) pf is not doing domain resolving at packet-matching time
2) DNS names are also changing
3) DNS names can point outside of the given country
4) reverse DNS entries can be missing
5) reverse DNS entries can point outside of the country

start here: http://www.iana.org/

Bye,

Gergely Czuczy
mailto: gergely.czuczy at harmless.hu

-- 
Weenies test. Geniuses solve problems that arise.
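
An added example, not part of the original post: one way to get per-country CIDRs for a pf table without DNS. It goes beyond the pointer to IANA above by assuming the per-registry "delegated statistics" files published by the regional registries as the data source; the sample lines, the table name `cc_hu` and the path `/etc/pf.cc_hu` are constructed for illustration.

```python
import ipaddress

# Constructed sample in the registries' delegated-statistics layout:
#   registry|cc|type|start|value|date|status
# For ipv4 records "value" is an address count, not a prefix length.
SAMPLE = """\
2|ripencc|20070114|4|19830705|20070113|+0000
ripencc|*|ipv4|*|3|summary
ripencc|HU|ipv4|192.0.2.0|256|20010101|allocated
ripencc|HU|ipv4|198.51.100.0|192|20020202|assigned
ripencc|DE|ipv4|203.0.113.0|256|20030303|allocated
ripencc|HU|ipv6|2001:db8::|32|20040404|allocated
"""


def country_cidrs(stats_text, country):
    """Return the sorted IPv4 CIDRs registered under one country code."""
    nets = []
    for line in stats_text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split("|")
        # Skips the version header, summary lines, other countries and IPv6.
        if len(f) < 7 or f[1] != country or f[2] != "ipv4":
            continue
        if f[6] not in ("allocated", "assigned"):
            continue
        first = ipaddress.IPv4Address(f[3])
        last = first + int(f[4]) - 1
        # A count such as 192 is not a power of two, so one record
        # can expand to several CIDR blocks.
        nets.extend(ipaddress.summarize_address_range(first, last))
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def pf_table_file(cidrs):
    """Render the one-entry-per-line text that a pf table file expects."""
    return "".join(c + "\n" for c in cidrs)


if __name__ == "__main__":
    # Hypothetical pf.conf lines that would consume the output:
    #   table <cc_hu> persist file "/etc/pf.cc_hu"
    #   pass in quick from <cc_hu>
    print(pf_table_file(country_cidrs(SAMPLE, "HU")), end="")
```

Because the allocations change over time, the file has to be regenerated periodically and the table reloaded, for example with `pfctl -t cc_hu -T replace -f /etc/pf.cc_hu`.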