On 2015-09-16 21:30, Ottavio Caruso wrote:
On 16 September 2015 at 19:06, Johnny Billquist wrote:
On 2015-09-16 19:09, Ottavio Caruso wrote:
RE: http://mail-index.netbsd.org/netbsd-users/2014/04/27/msg014543.html
I put domains that I want to block in /etc/hosts preceded by 0.0.0.0
but I can still ping them.
I rebooted, but I can still ping them.
Then I have mass-changed all entries from 0.0.0.0 to 127.0.0.1 and I
can still ping them.
Rebooted, same thing.
Why can I do this effortlessly with Windows and Linux but not with NetBSD?
First of all, using /etc/hosts as a way of blocking domains is extremely
unreliable and not really a meaningful way of actually blocking anything.
Why? It works on other platforms?
Depends on what you mean by "works". Changing things in /etc/hosts does
not prevent me from reaching any of those places. It just prevents me
from using those specific names for reaching them. What are you trying
to do? Just prevent local users from using the domain names? Because
that is all you can hope to accomplish. And it also depends on whatever
application we're talking about also not trying to do DNS lookups on its
own, totally circumventing any reference to the local /etc/hosts file.
Second, I guess you haven't heard of /etc/nsswitch.conf. It also exists in
Linux. It tells which methods are used, and in which order. It might be that
you have dns before files.
I've checked my nsswitch.conf, it's files before hosts
Changing a destination to 127.0.0.1, and then pinging it, why would you
expect it to not work? 127.0.0.1 will most likely respond to pings.
Pinging 0.0.0.0 will also give some result. Most probably your default
gateway machine.
Yes, I didn't express myself correctly. I meant that I ping the
original host, not 127.0.0.1.
BTW, rebooting TWICE produced the intended result. I wonder why I had
to reboot twice.
That sounds extremely strange.
Maybe you should try and learn about /etc/hosts.deny as well as ipfilters?
But again, why?
If I have a list of 300 domains to block, this would not be practicable.
The question is - what do you actually want to do. And how is entering
them all in /etc/hosts any more practicable than using /etc/hosts.deny?
But it does achieve different goals. /etc/hosts.deny will stop any
connections *from* those places, but will not prevent local users from
contacting those places.
But, like I said, /etc/hosts does not stop you from accessing anything.
It, at most, will prevent your usage of certain domain names.
Johnny
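
The lookup-order point raised in the thread, as an added example that is not part of any poster's message: a small Python check that reads the `hosts:` line of an nsswitch.conf and a hosts file and reports, per name, whether the hosts entry would be consulted first. The file contents and host names below are constructed samples, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample inputs (not taken from the thread).
NSSWITCH_FILES_FIRST = "passwd: files\nhosts: files dns   # local file first\n"
NSSWITCH_DNS_FIRST = "hosts: dns [NOTFOUND=return] files\n"
HOSTS = "127.0.0.1 localhost\n0.0.0.0 ads.example.com tracker.example.com\n# 0.0.0.0 off.example.com\n"

def lookup_order(nsswitch_text):
    """Return the sources on the 'hosts:' line in order, dropping [criteria]."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return re.sub(r"\[[^\]]*\]", " ", line[len("hosts:"):]).split()
    return []

def parse_hosts(hosts_text):
    """Map each name or alias to its address; the first entry for a name wins."""
    table = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # skip malformed lines
        for name in fields[1:]:
            table.setdefault(name.lower(), addr)
    return table

def audit(nsswitch_text, hosts_text, names):
    """Report how each name is handled by the system resolver path only."""
    order = lookup_order(nsswitch_text)
    table = parse_hosts(hosts_text)
    files_first = "files" in order and (
        "dns" not in order or order.index("files") < order.index("dns"))
    report = {}
    for name in names:
        addr = table.get(name.lower())
        if addr is None:
            report[name] = "not listed"
        elif not files_first:
            report[name] = "listed, but files is not consulted first"
        elif addr.is_loopback or addr.is_unspecified:
            report[name] = f"name redirected to {addr}"
        else:
            report[name] = f"name mapped to {addr}"
    return report
```

A "name redirected" result covers only lookups that go through the system resolver; it says nothing about reaching the host by address or about applications that query DNS themselves.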