On 29.02.2012 12:35, E.S. Rosenberg wrote:
As far as I always understood from the docs (but I may be wrong) any
domain listed in a dstdomain list will also cover the IP associated
with the domain IF the IP has that domain related to it when you do a
reverse lookup on the IP.
So for most big websites/domains that will usually work but small
sites that are hosted at home generally resolve back to the ISP and
not to the domain they are hosting...
Yes.
For the edge case dstdom_regex with an IP address pattern:
acl numeric_IPs dstdom_regex
^[a-z]://(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\]))/
The dst type list also does the reverse lookup if I recall
correctly...
It does name->IP conversion for a numeric comparison.
Amos
