Re: pf blocking nets in a way like *.google.com ?

2006-04-22 Thread Rod.. Whitworth
On Sat, 22 Apr 2006 11:09:29 +0100, Craig Skinner wrote: >Nick Holland wrote: >> I've been a fan of DNS mangling to deal with this problem for some time. >> Technically, it is a horribly flawed system. Practically, it works, and >> works very easily. More: >>http://www.holland-consulting.net

Re: pf blocking nets in a way like *.google.com ?

2006-04-22 Thread Craig Skinner
Nick Holland wrote: > I've been a fan of DNS mangling to deal with this problem for some time. > Technically, it is a horribly flawed system. Practically, it works, and > works very easily. More: >http://www.holland-consulting.net/tech/imblock.html > And if you use BIND, see here: http://w

Re: pf blocking nets in a way like *.google.com ?

2006-04-21 Thread Nick Holland
Falk Husemann wrote: [EMAIL PROTECTED] wrote: That doesn't mean I can use *.google.com but I would be able to use www.google.com if I understood the FAQ and the manual correctly. Because I may not be able to know every Hostname in a foreign network a Joker would be a neat solution. Is it maybe

Re: pf blocking nets in a way like *.google.com ?

2006-04-21 Thread James Mackinnon
Friday, April 21, 2006 7:46 AM Subject: Re: pf blocking nets in a way like *.google.com ? On 21/04/06, Moritz Grimm <[EMAIL PROTECTED]> wrote: Lars Hansson wrote: >>Why isn't it feasible to use Google's allocated netblock >>(216.239.32.0/19 )? > > Because there's

Re: pf blocking nets in a way like *.google.com ?

2006-04-21 Thread tony sarendal
On 21/04/06, Moritz Grimm <[EMAIL PROTECTED]> wrote: > > Lars Hansson wrote: > >>Why isn't it feasible to use Google's allocated netblock (216.239.32.0/19 > )? > > > > Because there's nothing that says that every *.google.com site has to be > > within a block allocated to Google. > > Duh. The obviou

Re: pf blocking nets in a way like *.google.com ?

2006-04-21 Thread Moritz Grimm
Lars Hansson wrote: Why isn't it feasible to use Google's allocated netblock (216.239.32.0/19)? Because there's nothing that says that every *.google.com site has to be within a block allocated to Google. Duh. The obvious solution is to have pf make a DNS lookup on each and every packet that

Re: pf blocking nets in a way like *.google.com ?

2006-04-21 Thread Lars Hansson
On Friday 21 April 2006 17:52, Falk Husemann wrote: > Why isn't it feasible to use Google's allocated netblock (216.239.32.0/19)? Because there's nothing that says that every *.google.com site has to be within a block allocated to Google. --- Lars Hansson

Re: pf blocking nets in a way like *.google.com ?

2006-04-21 Thread Falk Husemann
[EMAIL PROTECTED] wrote: That doesn't mean I can use *.google.com but I would be able to use www.google.com if I understood the FAQ and the manual correctly. Because I may not be able to know every Hostname in a foreign network a Joker would be a neat solution. Is it maybe planned to add any joke

Re: pf blocking nets in a way like *.google.com ?

2006-04-20 Thread Nick Guenther
On 4/21/06, Nick Guenther <[EMAIL PROTECTED]> wrote: > You're only blocking it until the next DNS update. Anyway, I'm not > trying to argue the merits of doing it, just trying to understand why > you couldn't. Ah, well four replies later and I'm wiser. I assumed DNS had a way to ask for all the su

Re: pf blocking nets in a way like *.google.com ?

2006-04-20 Thread Ted Unangst
On 4/20/06, Nick Guenther <[EMAIL PROTECTED]> wrote: > Well what if *.site.domain meant "find all IP addresses mapped to this > domain and use them for the list"? I'm probably missing something, but > I can't think what the problem is. how do you find all ip addresses mapped to this domain? even

Re: pf blocking nets in a way like *.google.com ?

2006-04-20 Thread Lars Hansson
On Friday 21 April 2006 11:41, Nick Guenther wrote: > Well what if *.site.domain meant "find all IP addresses mapped to this > domain and use them for the list"? It's not possible to reliably find that out. --- Lars Hansson

Re: pf blocking nets in a way like *.google.com ?

2006-04-20 Thread Nick Guenther
On 4/21/06, Theo de Raadt <[EMAIL PROTECTED]> wrote: > > > think about why this is undesirable and practically impossible for > > > five minutes. (hint: you are confusing DNS names and network addresses, > > > and making incorrect assumptions about how both DNS and pf work). > > > > Well what if *.

Re: pf blocking nets in a way like *.google.com ?

2006-04-20 Thread Theo de Raadt
> > think about why this is undesirable and practically impossible for > > five minutes. (hint: you are confusing DNS names and network addresses, > > and making incorrect assumptions about how both DNS and pf work). > > Well what if *.site.domain meant "find all IP addresses mapped to this > doma

Re: pf blocking nets in a way like *.google.com ?

2006-04-20 Thread Nick Guenther
On 4/21/06, Damien Miller <[EMAIL PROTECTED]> wrote: > On Fri, 21 Apr 2006, [EMAIL PROTECTED] wrote: > > > Is it maybe planned to add any joker to PF so that such stuff would be > > possible in the future if it isn't already possible? > > think about why this is undesirable and practically impossibl

Re: pf blocking nets in a way like *.google.com ?

2006-04-20 Thread Damien Miller
On Fri, 21 Apr 2006, [EMAIL PROTECTED] wrote: > Is it maybe planned to add any joker to PF so that such stuff would be > possible in the future if it isn't already possible? think about why this is undesirable and practically impossible for five minutes. (hint: you are confusing DNS names and net

Re: pf blocking nets in a way like *.google.com ?

2006-04-20 Thread Eric Pancer
On Fri, 2006-04-21 at 01:52:19 +0200, [EMAIL PROTECTED] proclaimed... > Is there any way to block networks by using a joker in the hostname? > > Let's take as example google. Google has many different Networks and such foo. > I found no way to block them all (during reading the PF manpage) using >