Re: pf blocking nets in a way like *.google.com ?

2006-04-22 Thread Craig Skinner
Nick Holland wrote: I've been a fan of DNS mangling to deal with this problem for some time. Technically, it is a horribly flawed system. Practically, it works, and works very easily. More: http://www.holland-consulting.net/tech/imblock.html And if you use BIND, see here:

Re: pf blocking nets in a way like *.google.com ?

2006-04-22 Thread Rod.. Whitworth
On Sat, 22 Apr 2006 11:09:29 +0100, Craig Skinner wrote: Nick Holland wrote: I've been a fan of DNS mangling to deal with this problem for some time. Technically, it is a horribly flawed system. Practically, it works, and works very easily. More:

Re: pf blocking nets in a way like *.google.com ?

2006-04-21 Thread Falk Husemann
[EMAIL PROTECTED] wrote: That doesn't mean I can use *.google.com but I would be able to use www.google.com if I understood the FAQ and the manual correctly. Because I may not be able to know every Hostname in a foreign network a Joker would be a neat solution. Is it maybe planned to add any

Re: pf blocking nets in a way like *.google.com ?

2006-04-21 Thread Lars Hansson
On Friday 21 April 2006 17:52, Falk Husemann wrote: Why isn't it feasible to use Google's allocated netblock (216.239.32.0/19)? Because there's nothing that says that every *.google.com site has to be within a block allocated to Google. --- Lars Hansson

Re: pf blocking nets in a way like *.google.com ?

2006-04-21 Thread Moritz Grimm
Lars Hansson wrote: Why isn't it feasible to use Google's allocated netblock (216.239.32.0/19)? Because there's nothing that says that every *.google.com site has to be within a block allocated to Google. Duh. The obvious solution is to have pf make a DNS lookup on each and every packet

Re: pf blocking nets in a way like *.google.com ?

2006-04-21 Thread tony sarendal
On 21/04/06, Moritz Grimm [EMAIL PROTECTED] wrote: Lars Hansson wrote: Why isn't it feasible to use Google's allocated netblock (216.239.32.0/19)? Because there's nothing that says that every *.google.com site has to be within a block allocated to Google. Duh. The obvious solution is

Re: pf blocking nets in a way like *.google.com ?

2006-04-21 Thread James Mackinnon
, 2006 7:46 AM Subject: Re: pf blocking nets in a way like *.google.com ? On 21/04/06, Moritz Grimm [EMAIL PROTECTED] wrote: Lars Hansson wrote: Why isn't it feasible to use Google's allocated netblock (216.239.32.0/19)? Because there's nothing that says that every *.google.com site has

Re: pf blocking nets in a way like *.google.com ?

2006-04-21 Thread Nick Holland
Falk Husemann wrote: [EMAIL PROTECTED] wrote: That doesn't mean I can use *.google.com but I would be able to use www.google.com if I understood the FAQ and the manual correctly. Because I may not be able to know every Hostname in a foreign network a Joker would be a neat solution. Is it maybe

pf blocking nets in a way like *.google.com ?

2006-04-20 Thread sebastian . rother
Is there any way to block networks by using a joker in the hostname? Let's take Google as an example. Google has many different networks and such foo. I found no way to block them all (during reading the PF manpage) using something simple like *.google.com/de/foo. Is there any way to do this because

Re: pf blocking nets in a way like *.google.com ?

2006-04-20 Thread Eric Pancer
On Fri, 2006-04-21 at 01:52:19 +0200, [EMAIL PROTECTED] proclaimed... Is there any way to block networks by using a joker in the hostname? Let's take Google as an example. Google has many different networks and such foo. I found no way to block them all (during reading the PF manpage) using

Re: pf blocking nets in a way like *.google.com ?

2006-04-20 Thread Damien Miller
On Fri, 21 Apr 2006, [EMAIL PROTECTED] wrote: Is it maybe planned to add any joker to PF so that such stuff would be possible in the future if it isn't already possible? think about why this is undesirable and practically impossible for five minutes. (hint: you are confusing DNS names and

Re: pf blocking nets in a way like *.google.com ?

2006-04-20 Thread Nick Guenther
On 4/21/06, Damien Miller [EMAIL PROTECTED] wrote: On Fri, 21 Apr 2006, [EMAIL PROTECTED] wrote: Is it maybe planned to add any joker to PF so that such stuff would be possible in the future if it isn't already possible? think about why this is undesirable and practically impossible for

Re: pf blocking nets in a way like *.google.com ?

2006-04-20 Thread Theo de Raadt
think about why this is undesirable and practically impossible for five minutes. (hint: you are confusing DNS names and network addresses, and making incorrect assumptions about how both DNS and pf work). Well what if *.site.domain meant find all IP addresses mapped to this domain and

Re: pf blocking nets in a way like *.google.com ?

2006-04-20 Thread Nick Guenther
On 4/21/06, Theo de Raadt [EMAIL PROTECTED] wrote: think about why this is undesirable and practically impossible for five minutes. (hint: you are confusing DNS names and network addresses, and making incorrect assumptions about how both DNS and pf work). Well what if *.site.domain

Re: pf blocking nets in a way like *.google.com ?

2006-04-20 Thread Nick Guenther
On 4/21/06, Nick Guenther [EMAIL PROTECTED] wrote: You're only blocking it until the next DNS update. Anyway, I'm not trying to argue the merits of doing it, just trying to understand why you couldn't. Ah, well four replies later and I'm wiser. I assumed DNS had a way to ask for all the