Lars Hansson wrote:
Why isn't it feasible to use Googles allocated netblock (216.239.32.0/19)?Because there's nothing that says that every *.google.com site has to be within a block allocated to Google.
Duh. The obvious solution is to have pf make a DNS lookup on each and every packet that arrives.
Moritz
