[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (OT) IPF domain blocking



On Tue, May 08, 2001 at 10:06:28AM -0500, InSaNe wrote:
> block in on NIC from *.bg to any port = blah

No you can't do that. Think about what IPF would have to do: A
reverse lookup on every packet it sees, or a very large cache.
Time consuming and futile, as many addresses don't have associated
DNS entries.

Anyway, the Internet isn't really a network on which you can easily
block by geographic region. The network numbers don't all line up on
neat boundaries, and the top-level DNS domain isn't a guarantee of
the sender's origin.

I'm sure you have your reasons, but forgive me asking as I'm curious:
What has _every_ person in Bulgaria done to deserve such treatment? :)

Ta,
-Andre



Visit your host, monkey.org