Re: (OT) IPF domain blocking
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: (OT) IPF domain blocking
- From: Andre Lucas <lucas_(_at_)_ae-35_(_dot_)_net>
- Date: Wed, 9 May 2001 01:21:52 +0100

On Tue, May 08, 2001 at 10:06:28AM -0500, InSaNe wrote:
> block in on NIC from *.bg to any port = blah

No, you can't do that. Think about what IPF would have to do: A
reverse lookup on every packet it sees, or a very large cache.
Time consuming and futile, as many addresses don't have associated
DNS entries.

Anyway, the Internet isn't really a network on which you can easily
block by geographic region. The network numbers don't all line up on
neat boundaries, and the top-level DNS domain isn't a guarantee of
the sender's origin.

I'm sure you have your reasons, but forgive me asking as I'm curious:
What has _every_ person in Bulgaria done to deserve such treatment? :)

Ta,
-Andre
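
A small simulation of the argument in the message above, added here as an illustration; it is not part of the original post and not IPF code. The `NameFilter` class is hypothetical, and the `PTR` and `A` tables are constructed sample data using documentation address ranges and example names.

```python
import ipaddress

# Constructed sample data: documentation address ranges and example names.
PTR = {  # reverse zone: what the owner of each address block chose to publish
    "10.2.0.192.in-addr.arpa": "mail.example.bg",
    "5.113.0.203.in-addr.arpa": "gw.example.com",
    "9.113.0.203.in-addr.arpa": "host.example.bg",
    # 198.51.100.7 has no PTR record at all
}
A = {  # forward zone: what the owner of each name publishes
    "mail.example.bg": "192.0.2.10",
    "gw.example.com": "203.0.113.5",
    "host.example.bg": "192.0.2.99",  # does not point back at 203.0.113.9
}

class NameFilter:
    """Hypothetical per-packet hostname matcher (a packet filter matches addresses)."""
    def __init__(self, suffix):
        self.suffix = suffix
        self.cache = {}    # one entry per distinct source address seen
        self.lookups = 0   # simulated reverse DNS queries issued

    def _ptr(self, src):
        if src not in self.cache:
            self.lookups += 1
            rname = ipaddress.ip_address(src).reverse_pointer
            self.cache[src] = PTR.get(rname)  # None when no PTR exists
        return self.cache[src]

    def verdict(self, src):
        name = self._ptr(src)
        if name is None:
            return "pass (no PTR)"
        if not name.endswith(self.suffix):
            return "pass (PTR outside suffix)"
        confirmed = A.get(name) == src  # forward-confirmed reverse DNS
        return "block (confirmed)" if confirmed else "block (PTR unconfirmed)"

def run(packets, suffix=".bg"):
    """Return per-packet verdicts, queries issued, and cache entries held."""
    f = NameFilter(suffix)
    results = [(src, f.verdict(src)) for src in packets]
    return results, f.lookups, len(f.cache)

if __name__ == "__main__":
    pkts = ["192.0.2.10", "198.51.100.7", "203.0.113.5", "203.0.113.9", "192.0.2.10"]
    for src, v in run(pkts)[0]:
        print(src, v)
```

The cache grows by one entry per distinct source address, and the verdict depends entirely on records published by whoever controls the reverse zone, which is why a rule keyed on addresses is the only thing the filter can evaluate reliably.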