you're right! my apologies. i did a quick check on iptables as well; after
running the rule, i see all the ip addresses that www.yahoo.com resolved to
listed on the input chain as rejected. great! one problem though: does this
mean that only ip addresses that resolved to www.yahoo.com AT THE TIME OF
RULE ACTIVATION get listed on the REJECT rule, or is it dynamic, i.e. the
chains subsystem periodically checks the dns records of www.yahoo.com for
added or removed ip addresses?

--vince.

----- Original Message -----
From: "fooler" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, August 14, 2002 5:53 PM
Subject: Re: [plug] (no subject)


> ----- Original Message -----
> From: "vince cagud" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, August 14, 2002 4:53 PM
> Subject: Re: [plug] (no subject)
>
>
> > it's trivial to reverse said rule. good point though. you might actually
> > want to reconsider the posted rule since yahoo's numeric addresses do not
> > reverse-resolve back to www.yahoo.com, thus making the rule fail to
> > recognize it.
>
> no, it won't fail :-> remember that the dns function is just to map a name
> to an ip address... tcp/ip end-to-end communication uses the ip address,
> not the fqdn.. therefore louie's ipchains rule below is still correct to
> block all incoming traffic coming from www.yahoo.com, because ipchains will
> create as many deny lines as there are ip addresses returned for
> www.yahoo.com..
>
> > > > ipchains -A input -p tcp -d remoteip -s www.yahoo.com -j DENY
>
>
> what i'm really pointing out is that, if you block incoming traffic..
> imagine that one workstation is going to access www.yahoo.com: it will
> first waste outgoing traffic (the initial syn packet) and second the
> incoming traffic (the syn + ack packet) of your upstream bandwidth coming
> from www.yahoo.com, only for it to be blocked by your ipchains box..
>
> with this rule:
>
> ipchains -A output -p tcp -s 0.0.0.0/0 -d www.yahoo.com 80 -j REJECT
>
> it will save you time (because of the REJECT and not DENY), upstream
> bandwidth and www.yahoo.com server resources.
>
> fooler.
>
>
>
> _
> Philippine Linux Users Group. Web site and archives at
> http://plug.linux.org.ph
> To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
>
> To subscribe to the Linux Newbies' List: send "subscribe" in the body to
> [EMAIL PROTECTED]
>


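The question vince asks above has a definite answer: both ipchains and iptables resolve a hostname once, at the moment the rule is inserted, expand it into one rule per address DNS returned, and never look at DNS again. Nothing in the kernel or the userland tools tracks added or removed addresses. If you want that behaviour you have to build it yourself, and the script below is an added example of doing so (it is not code from this thread or from the ipchains/iptables projects): it re-resolves the name, reads the live chain with `iptables -S`, and prints the `iptables -D` and `iptables -A` commands that remove rules for addresses DNS no longer returns and add rules for new ones. The chain name, the REJECT target, the `host:<name>` comment tag used to mark the rules it owns, and the sample `iptables -S` listing and resolved-address set are all assumptions constructed for the example; the sample uses documentation-range addresses, not real Yahoo IPs.

```python
"""Reconcile hostname-derived firewall rules with what DNS returns now.

Added example, not code from the mailing-list thread or from ipchains/iptables.
ipchains and iptables resolve a hostname once, when the rule is inserted, and
expand it into one rule per address; no component re-reads DNS afterwards.
This script supplies the missing refresh: it re-resolves the name, reads the
live INPUT chain, and emits the `iptables -D` / `iptables -A` commands that
drop addresses DNS no longer returns and add addresses that are new.  It only
prints commands; nothing is executed.
"""
import socket

CHAIN = "INPUT"      # assumed: the chain the thread's rule lives in
TARGET = "REJECT"    # assumed: the thread settled on REJECT rather than DENY


def tag(hostname):
    # Each expanded rule carries a comment naming the host it came from, so a
    # later run only reconciles rules this script created (assumed convention).
    return "host:" + hostname


def rule_args(hostname, addr):
    """Match/target arguments for one expanded, IP-literal rule."""
    return ["-p", "tcp", "-s", addr,
            "-m", "comment", "--comment", tag(hostname),
            "-j", TARGET]


def resolve_ipv4(hostname):
    """Set of IPv4 addresses DNS returns for hostname right now (network call;
    only used from __main__, the tests pass pre-resolved sets)."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def parse_active_rules(listing, hostname):
    """Addresses already covered by our tagged rules, from `iptables -S CHAIN`.

    `iptables -S` prints rules in restore syntax, one per line, with sources
    as CIDR (192.0.2.10/32); the /32 is stripped so the result compares
    directly against resolve_ipv4().
    """
    active = set()
    for line in listing.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "-A" or parts[1] != CHAIN:
            continue
        if "--comment" not in parts or "-s" not in parts:
            continue
        if parts[parts.index("--comment") + 1] != tag(hostname):
            continue
        src = parts[parts.index("-s") + 1]
        if src.endswith("/32"):
            src = src[:-3]
        active.add(src)
    return active


def plan(hostname, active, resolved):
    """Return (delete_cmds, add_cmds) as argv lists, sorted for stable output."""
    stale = sorted(active - resolved)
    new = sorted(resolved - active)
    delete_cmds = [["iptables", "-D", CHAIN] + rule_args(hostname, a) for a in stale]
    add_cmds = [["iptables", "-A", CHAIN] + rule_args(hostname, a) for a in new]
    return delete_cmds, add_cmds


# Constructed sample data (documentation-range addresses, not real Yahoo IPs):
# the chain as it looked after the original rule expanded three addresses,
# plus an unrelated untagged rule that must be left alone.
SAMPLE_HOST = "www.yahoo.com"
SAMPLE_LISTING = """\
-P INPUT ACCEPT
-A INPUT -s 192.0.2.10/32 -p tcp -m comment --comment host:www.yahoo.com -j REJECT
-A INPUT -s 192.0.2.11/32 -p tcp -m comment --comment host:www.yahoo.com -j REJECT
-A INPUT -s 192.0.2.12/32 -p tcp -m comment --comment host:www.yahoo.com -j REJECT
-A INPUT -s 198.51.100.7/32 -p tcp -j REJECT
"""
# DNS "now" (constructed): .10 went away, .13 appeared.
SAMPLE_RESOLVED = {"192.0.2.11", "192.0.2.12", "192.0.2.13"}


def demo():
    """Plan for the constructed sample: one delete (.10), one add (.13)."""
    active = parse_active_rules(SAMPLE_LISTING, SAMPLE_HOST)
    return plan(SAMPLE_HOST, active, SAMPLE_RESOLVED)


if __name__ == "__main__":
    import subprocess
    import sys
    # Live mode (needs root and working DNS): ./refresh.py www.yahoo.com | sh
    host = sys.argv[1] if len(sys.argv) > 1 else SAMPLE_HOST
    listing = subprocess.run(["iptables", "-S", CHAIN], capture_output=True,
                             text=True, check=True).stdout
    deletes, adds = plan(host, parse_active_rules(listing, host), resolve_ipv4(host))
    for cmd in deletes + adds:
        print(" ".join(cmd))
```

Run it from cron as root and pipe the output to `sh` once you have reviewed it. The comment tag is what makes the reconciliation safe: rules that were added by hand, or for a different host, carry no `host:` comment and are never deleted. Note the gap that remains even with a refresh: between a DNS change and the next run, a new address is not blocked and a retired one is still matched, which is inherent to blocking by name and one more reason fooler's outbound REJECT on the gateway is the cheaper place to enforce this.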
