Hey everyone,
I would like to bock all traffic from one host, the problem is the data isn't comming from that host anymore, it is redirected from my router, I am using PF as firewall, this is te ruleset I wanted to use for it:
block in from { example.host.com , example2.secondhost.com } to anybut when I enable tcpdump when starting the application which triggers the comming data from the hosts I want to block this is a piece of what it shows ( with the -v option ) :
15:54:45.944499 IP Riza.FStaals.LAN.63681 > SpeedTouch.FStaals.Lan.domain: 57330+ AAAA? example.host.com. (35)
15:54:45.974083 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.63681: 57330 1/0/0 CNAME example2.secondhost.com. (54)
15:54:45.974301 IP Riza.FStaals.LAN.65038 > SpeedTouch.FStaals.Lan.domain: 57331+ A? example.host.com. (35)
15:54:45.986375 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.65038: 57331 2/0/0 CNAME example2.secondhost.com.[|domain]
15:54:45.986740 IP Riza.FStaals.LAN.63345 > SpeedTouch.FStaals.Lan.domain: 57332+ AAAA? example2.secondhost.com. (32)
15:54:45.999378 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.63345: 57332 0/0/0 (32)
15:54:45.999509 IP Riza.FStaals.LAN.58187 > SpeedTouch.FStaals.Lan.domain: 57333+ A? example2.secondhost.com. (32)
15:54:46.014454 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.58187: 57333 1/0/0 A 193.69.116.13 (48)
15:54:46.867432 IP Riza.FStaals.LAN.50980 > SpeedTouch.FStaals.Lan.domain: 36113+ PTR? 138.0.0.10.in-addr.arpa. (41)
15:54:46.868404 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.50980: 36113* 1/0/0 PTR[|domain]
15:54:46.869032 IP Riza.FStaals.LAN.54487 > SpeedTouch.FStaals.Lan.domain: 36114+ PTR? 13.116.69.193.in-addr.arpa. (44)
15:54:46.905268 IP SpeedTouch.FStaals.Lan.domain > Riza.FStaals.LAN.54487: 36114 NXDomain* 0/0/0 (44 )
So the problem is that the data is redirected at my router ( SpeedTouch.FStaals.LAN ) to my laptop ( Riza.FStaals.LAN ) but I can't block all the traffic from my router since all other data I do want to receive. My router doesn't have an option to block specified URLs so I can't do it there eighter.
Has anyone an Idea how I can block all the data from the 'bad-hosts' ( which I changed here in example.host.com and example2.secondhost.com )
Thanks in advance
Frank Staals _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
