> From: Paul Gear <p...@gear.dyndns.org>
>
> With IPv4 moving towards 100% allocation, bogon filters are more
> likely to cause problems than block illegitimate traffic.

I've done it (at LAN gateway level), and it hasn't caused problems, but it's also probably not worth doing.

I think the relevance here for shorewall users is not that they should be engaged in blacklisting full bogon lists, but that such scripts serve as useful examples of how to use ipsets. I wrote my earlier referenced scripts two years ago as a demonstration of how to use ipsets dynamically (for example, in block lists). I also created other examples using other periodically published lists.

So while blacklisting full bogon lists may not be very useful, ipsets are. A couple of useful techniques have been shared through this cross-talk.

By the way, dnsmasq is being modified to be able to populate ipsets based on name resolution. For example, you could allow or deny a set containing all addresses a given URL is actively resolved to.

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
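
The dynamic block-list use of ipsets mentioned in the message above, as an added example that is not part of the original post or the author's referenced scripts: a shell function that turns a periodically published address list into an `ipset restore` script, filling a temporary set and swapping it into place so the live set is never half-loaded. The set name `blocklist`, the function names and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: build an `ipset restore` script from a published IPv4 list.
# Load the result with:  sample_list | gen_restore blocklist | ipset -exist restore

# gen_restore NAME < list
# Prints restore commands on stdout; malformed entries are reported on stderr
# and left out, so one bad line in a downloaded list cannot abort the load.
gen_restore() {
    name="$1"
    tmp="$1-new"
    printf 'create %s hash:net family inet\n' "$name"
    printf 'create %s hash:net family inet\n' "$tmp"
    printf 'flush %s\n' "$tmp"
    awk -v tmp="$tmp" '
        function valid(s,   p, o, i, n) {
            n = split(s, p, "/")
            if (n > 2) return 0
            if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 > 32)) return 0
            if (split(p[1], o, ".") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255)
                    return 0
            return 1
        }
        { sub(/[#;].*/, ""); gsub(/[ \t\r]/, "") }  # drop comments, whitespace
        $0 == "" { next }
        valid($0) { print "add " tmp " " $0; next }
        { print "skipped malformed entry: " $0 > "/dev/stderr" }'
    # swap exchanges the contents of the two sets in one step; rules that
    # reference NAME keep matching throughout.
    printf 'swap %s %s\n' "$tmp" "$name"
    printf 'destroy %s\n' "$tmp"
}

# Constructed sample input (documentation address ranges, not a real list).
sample_list() {
    cat <<'EOF'
# constructed sample list
192.0.2.0/24
198.51.100.7   ; single host
203.0.113.0/33
10.0.0.256/8
not-an-address

2001:db8::/32
EOF
}
```

The `-exist` option on the `ipset` command line makes the load tolerate sets that already exist and entries that appear twice in the list.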