On September 16, 2015 3:30:43 PM EDT, Ottavio Caruso <[email protected]> wrote:
>On 16 September 2015 at 19:06, Johnny Billquist <[email protected]> wrote:
>> On 2015-09-16 19:09, Ottavio Caruso wrote:
>>>
>>> RE: http://mail-index.netbsd.org/netbsd-users/2014/04/27/msg014543.html
>>>
>>> I put domains that I want to block in /etc/hosts preceded by 0.0.0.0
>>> but I can still ping them.
>>>
>>> I rebooted, but I can still ping them.
>>>
>>> Then I have mass-changed all entries from 0.0.0.0 to 127.0.0.1 and I
>>> can still ping them.
>>>
>>> Rebooted, same thing.
>>>
>>> Why can I do this effortlessly with Windows and Linux but not with NetBSD?
>>
>>
>> First of all, using /etc/hosts as a way of blocking domains is extremely
>> unreliable and not really a meaningful way of actually blocking anything.
>
>Why? It works on other platforms?
>
>>
>> Second, I guess you haven't heard of /etc/nsswitch.conf. It also exists in
>> Linux. It tells which methods are used, and in which order. It might be that
>> you have dns before files.
>
>I've checked my nsswitch.conf, it's files before hosts
>
>>
>> Changing a destination to 127.0.0.1, and then pinging it, why would you
>> expect it to not work? 127.0.0.1 will most likely respond to pings.
>> Pinging 0.0.0.0 will also give some result. Most probably your default
>> gateway machine.
>
>Yes, I didn't express myself correctly. I meant that I ping the
>original host, not 127.0.0.1.
>
>BTW, rebooting TWICE produced the intended result. I wonder why I had
>to reboot twice.

Fwiw, using /etc/hosts sounds entirely reasonable for what you're trying to do (and hosts.deny, though having a similar name, is pointless to look at).

Do additional changes require a reboot? If so, something is really odd. Changes to /etc/hosts should take effect immediately. Maybe use ktrace/kdump to see if it's actually being read?

Eric
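
The two checks discussed in this thread (is the name really listed in the hosts file, and does the `hosts:` line of nsswitch.conf consult `files` before `dns`), as an added shell example that is not part of the original messages. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Print the sources on the "hosts:" line of an nsswitch.conf, in lookup order.
# Comments and bracketed criteria such as [NOTFOUND=return] are dropped.
hosts_lookup_order() {
    sed -e 's/#.*//' -e 's/\[[^]]*]//g' "$1" |
        awk '$1 == "hosts:" { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# Succeed only if "files" is listed and is consulted before "dns".
files_before_dns() {
    for src in $(hosts_lookup_order "$1"); do
        case $src in
            files) return 0 ;;
            dns)   return 1 ;;
        esac
    done
    return 1
}

# Print the address of the first hosts-file line that lists NAME (compared
# case-insensitively, aliases included); print nothing if it is not listed.
hosts_file_addr() {
    awk -v name="$1" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(name)) { print $1; exit } }
    ' "$2"
}

# usage: check_block NAME HOSTS_FILE NSSWITCH_FILE
check_block() {
    addr=$(hosts_file_addr "$1" "$2")
    if [ -z "$addr" ]; then echo "no-entry"
    elif ! files_before_dns "$3"; then echo "shadowed-by-dns"
    else echo "blocked-as:$addr"
    fi
}

# Constructed sample files (not taken from the thread).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '127.0.0.1 localhost' \
    '0.0.0.0   ads.example.com tracker.example.com  # blocked' \
    '#0.0.0.0  commented.example.com' > "$tmp/hosts"
printf '%s\n' 'passwd: files' 'hosts:  files [NOTFOUND=continue] dns  # order' > "$tmp/ns_ok"
printf '%s\n' 'hosts: dns files' > "$tmp/ns_bad"

check_block Tracker.Example.com   "$tmp/hosts" "$tmp/ns_ok"   # blocked-as:0.0.0.0
check_block ads.example.com       "$tmp/hosts" "$tmp/ns_bad"  # shadowed-by-dns
check_block commented.example.com "$tmp/hosts" "$tmp/ns_ok"   # no-entry
```

On a live system, pass /etc/hosts and /etc/nsswitch.conf as the two file arguments.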
