Can ipfw Rules Be Based On DNS Name

Tim Daneliuk tundra at tundraware.com
Thu Aug 12 00:18:59 UTC 2021


On 8/11/21 6:37 PM, Nathaniel Nigro wrote:
> Ipfw -q add 111 deny udp from (domain) to any (or local ip) (port) in via
> (interface) keep-state Doesn’t work?

Not the way I want.  At the time the rule is applied, (domain) is
resolved and replaced with a single IP address.  I want to block
everything coming from any IP in that domain.

Or ... so I thought ... what is actually going on the deeper I look
is that the various scammer/spammer/sleazebags are representing themselves
as a legitimate domain, hoping to forward their DNS requests through our
servers.  We have that tightened down so these get rejected, but it does
make our logs very noisy:


11-Aug-2021 14:17:10.819 security: info: client @0x8032b3b60 51.89.223.6#55252 (pizzaseo.com): view external: query (cache) 'pizzaseo.com/RRSIG/IN' denied


I know of no way to stop this since these requests come from a large, and unpredictable
set of IPs.
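An added example, not part of the thread: a small Python parser for the BIND security-log line quoted above that counts denied recursion attempts per client address and turns the repeat offenders into `ipfw table` entries, which is the ipfw mechanism for matching a set of addresses rather than a single resolved hostname. The table name `dnsnoise`, the threshold, and every log line other than the one quoted in the post are constructed for this example.

```python
import re
from collections import Counter

# Constructed sample in the BIND "security" log format quoted in the post.
# The first line is the one from the thread; the others are made up here.
SAMPLE_LOG = """\
11-Aug-2021 14:17:10.819 security: info: client @0x8032b3b60 51.89.223.6#55252 (pizzaseo.com): view external: query (cache) 'pizzaseo.com/RRSIG/IN' denied
11-Aug-2021 14:17:11.002 security: info: client @0x8032b3b60 51.89.223.6#55253 (pizzaseo.com): view external: query (cache) 'pizzaseo.com/ANY/IN' denied
11-Aug-2021 14:17:12.515 security: info: client @0x8032c1a40 198.51.100.77#4242 (example.net): view external: query (cache) 'example.net/A/IN' denied
11-Aug-2021 14:17:13.100 security: info: client @0x8032c1a40 192.0.2.10#53000 (tundraware.com): view external: zone transfer 'tundraware.com/AXFR/IN' denied
"""

# Fields of a "query ... denied" line: timestamp, client IP/port, the name the
# client claims, the view, and the queried name/type/class.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) security: \w+: client (?:@0x[0-9a-f]+ )?"
    r"(?P<ip>[0-9a-fA-F.:]+)#(?P<port>\d+) \((?P<claimed>[^)]*)\): "
    r"view (?P<view>\S+): query (?:\(cache\) )?"
    r"'(?P<qname>[^/]+)/(?P<qtype>[^/]+)/(?P<qclass>[^']+)' denied$"
)


def parse_denied_query(line):
    """Return the fields of a denied-query security line, or None for other lines."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def summarize(log_text, threshold=2):
    """Count denied queries per client IP and per claimed domain.

    Returns (per_ip, per_claimed, offenders, unparsed) where offenders is the
    sorted list of client IPs with at least `threshold` denied queries and
    unparsed counts lines that are not denied-query messages (e.g. the
    constructed zone-transfer line above).
    """
    per_ip, per_claimed, unparsed = Counter(), Counter(), 0
    for line in log_text.splitlines():
        rec = parse_denied_query(line)
        if rec is None:
            unparsed += 1
            continue
        per_ip[rec["ip"]] += 1
        per_claimed[rec["claimed"]] += 1
    offenders = sorted(ip for ip, n in per_ip.items() if n >= threshold)
    return per_ip, per_claimed, offenders, unparsed


def ipfw_table_commands(offenders, table="dnsnoise"):
    """Build 'ipfw table <name> add <addr>' commands (table name is assumed)."""
    return [f"ipfw table {table} add {ip}" for ip in offenders]


if __name__ == "__main__":
    per_ip, per_claimed, offenders, unparsed = summarize(SAMPLE_LOG)
    print("denied per IP:", dict(per_ip), "unparsed:", unparsed)
    print("\n".join(ipfw_table_commands(offenders)))
```

The table only becomes effective once a rule references it, for example a `deny udp from table(dnsnoise) to any 53 in` ahead of the allow rules; the commands above just maintain the address set.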



More information about the freebsd-questions mailing list