Can ipfw Rules Be Based On DNS Name
Valeri Galtsev
galtsev at kicp.uchicago.edu
Wed Aug 11 21:57:04 UTC 2021
On 8/11/21 4:48 PM, Tim Daneliuk via freebsd-questions wrote:
> On 8/11/21 4:43 PM, Tim Daneliuk via freebsd-questions wrote:
>> On 8/11/21 4:30 PM, Nathaniel Nigro wrote:
>>> /etc/hosts.allow?
>>
>>
>> Hmmmm, an interesting possibility, actually. Thanks!
>>
>>
>
> Well, actually, that's not going to work because hosts.allow is for
> TCP-based connections and I'm already blocking everything from everywhere.
> DNS uses UDP for query/replies.

When I'm really annoyed by some domain that hides behind a service showing
it with different IPs all the time (Cloudflare pops up in my mind, but I
may be wrong), then I do

    whois [current domain's ip]

which reveals to me whoever is hiding that domain, and all blocks of IPs
owned by them. Then I add all their address ranges to a blocking table
in ipfw.

The one whom I learned it from said: if you block some good people, hm,
they need to know who they are in company with, and leave for better
company...
Valeri
PS I had to abandon ipfw, and switch over to pf, but that is a different
story.
--
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
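
The whois-to-table step described in the message above, as an added example that is not part of the original post: it reads `whois` output, turns the CIDR and first-last range lines into prefixes, and builds `ipfw table ... add` commands. The sample output is constructed (documentation address space), and the function names, table number 1 and the `keep` parameter (addresses that must never end up blocked) are assumptions.

```python
import ipaddress
import re

# Constructed sample of `whois <ip>` output mixing ARIN-style (NetRange/CIDR)
# and RIPE-style (inetnum) fields; documentation address space, not real data.
SAMPLE_WHOIS = """\
NetRange:       198.51.100.0 - 198.51.100.255
CIDR:           198.51.100.0/24
OrgName:        Example Hosting (constructed)
inetnum:        203.0.113.0 - 203.0.113.191
CIDR:           192.0.2.0/25, 192.0.2.128/25
CIDR:           not-a-prefix
"""

FIELD = re.compile(r"^(CIDR|NetRange|inetnum):[ \t]*(.+)$", re.I | re.M)


def networks_from_whois(text):
    """Return collapsed IPv4 networks named in CIDR/NetRange/inetnum lines."""
    nets = []
    for key, value in FIELD.findall(text):
        try:
            if key.lower() == "cidr":
                # ARIN may list several prefixes on one line, comma-separated.
                nets += [ipaddress.ip_network(p.strip()) for p in value.split(",")]
            else:
                # A first-last range need not fall on a single prefix boundary.
                first, _, last = value.partition("-")
                nets += ipaddress.summarize_address_range(
                    ipaddress.ip_address(first.strip()),
                    ipaddress.ip_address(last.strip()))
        except (ValueError, TypeError):
            continue  # skip lines that do not parse rather than guess
    v4 = [n for n in nets if n.version == 4]
    return list(ipaddress.collapse_addresses(v4))


def ipfw_table_commands(text, table=1, keep=()):
    """Build `ipfw table N add` lines, skipping nets that contain a `keep` address."""
    keep = [ipaddress.ip_address(a) for a in keep]
    return [f"ipfw table {table} add {net}"
            for net in networks_from_whois(text)
            if not any(a in net for a in keep)]


if __name__ == "__main__":
    # 203.0.113.10 stands in for an address you must never lock out.
    print("\n".join(ipfw_table_commands(SAMPLE_WHOIS, keep=["203.0.113.10"])))
```

Review the generated lines before running them; the table only takes effect once a rule references it.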