On 16 September 2015 at 23:19, Eric Haszlakiewicz <[email protected]> wrote:
> On September 16, 2015 3:30:43 PM EDT, Ottavio Caruso <[email protected]> wrote:
>>On 16 September 2015 at 19:06, Johnny Billquist <[email protected]> wrote:
>>> On 2015-09-16 19:09, Ottavio Caruso wrote:
>>>>
>>>> RE: http://mail-index.netbsd.org/netbsd-users/2014/04/27/msg014543.html
>>>>
>>>> I put domains that I want to block in /etc/hosts preceded by 0.0.0.0
>>>> but I can still ping them.
>>>>
>>>> I rebooted, but I can still ping them.
>>>>
>>>> Then I have mass-changed all entries from 0.0.0.0 to 127.0.0.1 and I
>>>> can still ping them.
>>>>
>>>> Rebooted, same thing.
>>>>
>>>> Why can I do this effortlessly with Windows and Linux but not with NetBSD?
>>>
>>>
>>> First of all, using /etc/hosts as a way of blocking domains is extremely
>>> unreliable and not really a meaningful way of actually blocking anything.
>>
>>Why? It works on other platforms?
>>
>>>
>>> Second, I guess you haven't heard of /etc/nsswitch.conf. It also exists in
>>> Linux. It tells which methods are used, and in which order. It might be that
>>> you have dns before files.
>>
>>I've checked my nsswitch.conf, it's files before hosts
>>
>>>
>>> Changing a destination to 127.0.0.1, and then pinging it, why would you
>>> expect it to not work. 127.0.0.1 will most likely respond to pings.
>>> Pinging 0.0.0.0 will also give some result. Most probably your default
>>> gateway machine.
>>
>>Yes, I didn't express myself correctly. I meant that I ping the
>>original host, not 127.0.0.1.
>>
>>BTW, rebooting TWICE produced the intended result. I wonder why I had
>>to reboot twice.
>
> Fwiw, using /etc/hosts sounds entirely reasonable for what you're trying to
> do (and hosts.deny, though having a similar name, is pointless to look at).
>
> Do additional changes require a reboot? If so, something is really odd.
> Changes to /etc/hosts should take effect immediately. Maybe use ktrace/kdump
> to see if it's actually being read?

It is odd. Same thing happened last year. It takes two reboots to
apply changes, and this only if I redirect to 127.0.0.1 but not to
0.0.0.0, in which case it hangs. The 0.0.0.0 works in both Windows and
Linux, it doesn't appear to work at all for me.

--
Ottavio
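An added example, not part of the thread or of NetBSD: a Python check that reads the `hosts:` order from nsswitch.conf-style text and reports, for each name, whether a hosts-file entry would be the answer a lookup gets. The function names, status labels and sample data are constructed for illustration; it models only source ordering and exact-name matching, not resolver caching or programs that bypass the system resolver.

```python
import ipaddress
import re

def hosts_sources(nsswitch_text):
    """Return the ordered lookup sources from the 'hosts:' line."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            # Drop action criteria such as [NOTFOUND=return].
            return re.sub(r"\[[^\]]*\]", " ", line[len("hosts:"):]).split()
    return []

def parse_hosts(hosts_text):
    """Map each lowercase name to the first address listed (a simplification)."""
    table = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address line
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table

def audit(names, nsswitch_text, hosts_text):
    """Classify each name: is the hosts-file entry what a lookup returns?"""
    sources = hosts_sources(nsswitch_text)
    files_first = "files" in sources and (
        "dns" not in sources or sources.index("files") < sources.index("dns"))
    table = parse_hosts(hosts_text)
    report = {}
    for name in names:
        addr = table.get(name.lower())
        if addr is None:
            status = "not-listed"  # hosts files match exact names, no wildcards
        elif not files_first:
            status = "dns-consulted-first"
        else:
            ip = ipaddress.ip_address(addr)
            sink = ip.is_loopback or ip.is_unspecified
            status = "sinkholed" if sink else "mapped-elsewhere"
        report[name] = (status, addr)
    return report

# Constructed sample data (not from the thread).
NSSWITCH = "passwd: files\nhosts: files dns\n"
HOSTS = "127.0.0.1 localhost\n0.0.0.0 ads.example.com tracker.example.net\n"
```

A name reported as `not-listed` (for example a subdomain of a blocked name) still goes to DNS, which is one reason a hosts-file blocklist can appear not to work.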
