On the other hand, if it's doing reverse dns on every ip that hits the firewall, it could work. You're assuming they do that only once at rule creation.
-----Original Message----- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Tuesday, August 30, 2011 12:18 PM To: NT System Admin Issues Subject: Re: How to determine a host's IP range On Tue, Aug 30, 2011 at 11:54 AM, Richard Stovall <rich...@gmail.com> wrote: > On my SonicWall, if a create a rule for media.pearsoncmg.com, I can > write rules which allow or deny access no matter the underlying ip. There's no intrinsic relationship between an IP address and a DNS name. >From their description, what that does is look up the name to IP address(es), and then uses that to drive the firewall rule. Which is useful, don't get me wrong, but if the CDN varies the IP address (as some of them do), you might not get the desired results. Something to be aware of, is all I'm saying. :) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin