Nick Holland wrote:
I've been a fan of DNS mangling to deal with this problem for some time.
Technically, it is a horribly flawed system. Practically, it works, and
works very easily. More:
http://www.holland-consulting.net/tech/imblock.html
And if you use BIND, see here:
On Sat, 22 Apr 2006 11:09:29 +0100, Craig Skinner wrote:
Nick Holland wrote:
I've been a fan of DNS mangling to deal with this problem for some time.
Technically, it is a horribly flawed system. Practically, it works, and
works very easily. More:
[EMAIL PROTECTED] wrote:
That doesn't mean I can use *.google.com but I would be able to use
www.google.com if I understood the FAQ and the manual correctly.
Because I may not be able to know every Hostname in a foreign network a
Joker would be a neat solution.
Is it maybe planned to add any
On Friday 21 April 2006 17:52, Falk Husemann wrote:
Why isn't it feasible to use Google's allocated netblock (216.239.32.0/19)?
Because there's nothing that says that every *.google.com site has to be
within a block allocated to Google.
---
Lars Hansson
Lars Hansson wrote:
Why isn't it feasible to use Google's allocated netblock (216.239.32.0/19)?
Because there's nothing that says that every *.google.com site has to be
within a block allocated to Google.
Duh. The obvious solution is to have pf make a DNS lookup on each and
every packet
On 21/04/06, Moritz Grimm [EMAIL PROTECTED] wrote:
Lars Hansson wrote:
Why isn't it feasible to use Google's allocated netblock (216.239.32.0/19)?
Because there's nothing that says that every *.google.com site has to be
within a block allocated to Google.
Duh. The obvious solution is
, 2006 7:46 AM
Subject: Re: pf blocking nets in a way like *.google.com ?
On 21/04/06, Moritz Grimm [EMAIL PROTECTED] wrote:
Lars Hansson wrote:
Why isn't it feasible to use Google's allocated netblock (216.239.32.0/19)?
Because there's nothing that says that every *.google.com site has
Falk Husemann wrote:
[EMAIL PROTECTED] wrote:
That doesn't mean I can use *.google.com but I would be able to use
www.google.com if I understood the FAQ and the manual correctly.
Because I may not be able to know every Hostname in a foreign network a
Joker would be a neat solution.
Is it maybe
Is there any way to block networks by using a joker in the hostname?
Let's take as example google. Google has many different Networks and such foo.
I found no way to block them all (during reading the PF manpage) using
something simple like *.google.com/de/foo.
Is there any way to do this because
On Fri, 2006-04-21 at 01:52:19 +0200, [EMAIL PROTECTED] proclaimed...
Is there any way to block networks by using a joker in the hostname?
Let's take as example google. Google has many different Networks and such foo.
I found no way to block them all (during reading the PF manpage) using
On Fri, 21 Apr 2006, [EMAIL PROTECTED] wrote:
Is it maybe planned to add any joker to PF so that such stuff would be
possible in the future if it isn't already possible?
think about why this is undesirable and practically impossible for
five minutes. (hint: you are confusing DNS names and
On 4/21/06, Damien Miller [EMAIL PROTECTED] wrote:
On Fri, 21 Apr 2006, [EMAIL PROTECTED] wrote:
Is it maybe planned to add any joker to PF so that such stuff would be
possible in the future if it isn't already possible?
think about why this is undesirable and practically impossible for
think about why this is undesirable and practically impossible for
five minutes. (hint: you are confusing DNS names and network addresses,
and making incorrect assumptions about how both DNS and pf work).
Well what if *.site.domain meant find all IP addresses mapped to this
domain and
On 4/21/06, Theo de Raadt [EMAIL PROTECTED] wrote:
think about why this is undesirable and practically impossible for
five minutes. (hint: you are confusing DNS names and network addresses,
and making incorrect assumptions about how both DNS and pf work).
Well what if *.site.domain
On 4/21/06, Nick Guenther [EMAIL PROTECTED] wrote:
You're only blocking it until the next DNS update. Anyway, I'm not
trying to argue the merits of doing it, just trying to understand why
you couldn't.
Ah, well four replies later and I'm wiser. I assumed DNS had a way to
ask for all the