On Sat, 22 Apr 2006 11:09:29 +0100, Craig Skinner wrote:
>Nick Holland wrote:
>> I've been a fan of DNS mangling to deal with this problem for some time.
>> Technically, it is a horribly flawed system. Practically, it works, and
>> works very easily. More:
>>http://www.holland-consulting.net
Nick Holland wrote:
> I've been a fan of DNS mangling to deal with this problem for some time.
> Technically, it is a horribly flawed system. Practically, it works, and
> works very easily. More:
>http://www.holland-consulting.net/tech/imblock.html
>
And if you use BIND, see here:
http://w
Falk Husemann wrote:
[EMAIL PROTECTED] wrote:
That doesn't mean I can use *.google.com but I would be able to use
www.google.com if I understood the FAQ and the manual correctly.
Because I may not be able to know every Hostname in a foreign network a
Joker would be a neat solution.
Is it maybe
Friday, April 21, 2006 7:46 AM
Subject: Re: pf blocking nets in a way like *.google.com ?
On 21/04/06, Moritz Grimm <[EMAIL PROTECTED]> wrote:
Lars Hansson wrote:
>>Why isn't it feasible to use Google's allocated netblock
>>(216.239.32.0/19)?
>
> Because there&
On 21/04/06, Moritz Grimm <[EMAIL PROTECTED]> wrote:
>
> Lars Hansson wrote:
> >>Why isn't it feasible to use Google's allocated netblock (216.239.32.0/19)?
> >
> > Because there's nothing that says that every *.google.com site has to be
> > within a block allocated to Google.
>
> Duh. The obviou
Lars Hansson wrote:
Why isn't it feasible to use Google's allocated netblock (216.239.32.0/19)?
Because there's nothing that says that every *.google.com site has to be
within a block allocated to Google.
Duh. The obvious solution is to have pf make a DNS lookup on each and
every packet that
On Friday 21 April 2006 17:52, Falk Husemann wrote:
> Why isn't it feasible to use Google's allocated netblock (216.239.32.0/19)?
Because there's nothing that says that every *.google.com site has to be
within a block allocated to Google.
---
Lars Hansson
[EMAIL PROTECTED] wrote:
That doesn't mean I can use *.google.com but I would be able to use
www.google.com if I understood the FAQ and the manual correctly.
Because I may not be able to know every Hostname in a foreign network a
Joker would be a neat solution.
Is it maybe planned to add any joke
On 4/21/06, Nick Guenther <[EMAIL PROTECTED]> wrote:
> You're only blocking it until the next DNS update. Anyway, I'm not
> trying to argue the merits of doing it, just trying to understand why
> you couldn't.
Ah, well four replies later and I'm wiser. I assumed DNS had a way to
ask for all the su
On 4/20/06, Nick Guenther <[EMAIL PROTECTED]> wrote:
> Well what if *.site.domain meant "find all IP addresses mapped to this
> domain and use them for the list"? I'm probably missing something, but
> I can't think what the problem is.
how do you find all ip addresses mapped to this domain?
even
On Friday 21 April 2006 11:41, Nick Guenther wrote:
> Well what if *.site.domain meant "find all IP addresses mapped to this
> domain and use them for the list"?
It's not possible to reliably find that out.
---
Lars Hansson
On 4/21/06, Theo de Raadt <[EMAIL PROTECTED]> wrote:
> > > think about why this is undesirable and practically impossible for
> > > five minutes. (hint: you are confusing DNS names and network addresses,
> > > and making incorrect assumptions about how both DNS and pf work).
> >
> > Well what if *.
> > think about why this is undesirable and practically impossible for
> > five minutes. (hint: you are confusing DNS names and network addresses,
> > and making incorrect assumptions about how both DNS and pf work).
>
> Well what if *.site.domain meant "find all IP addresses mapped to this
> doma
On 4/21/06, Damien Miller <[EMAIL PROTECTED]> wrote:
> On Fri, 21 Apr 2006, [EMAIL PROTECTED] wrote:
>
> > Is it maybe planned to add any joker to PF so that such stuff would be
> > possible in the future if it isn't already possible?
>
> think about why this is undesirable and practically impossibl
On Fri, 21 Apr 2006, [EMAIL PROTECTED] wrote:
> Is it maybe planned to add any joker to PF so that such stuff would be
> possible in the future if it isn't already possible?
think about why this is undesirable and practically impossible for
five minutes. (hint: you are confusing DNS names and net
On Fri, 2006-04-21 at 01:52:19 +0200, [EMAIL PROTECTED] proclaimed...
> Is there any way to block networks by using a joker in the hostname?
>
> Let's take as example google. Google has many different Networks and such foo.
> I found no way to block them all (during reading the PF manpage) using
>
16 matches