Date: Tue, 13 Jun 2023 16:17:52 -0400 From: George Mitchell <george+freebsd@m5p.com> To: ml@ft-c.de, stable@FreeBSD.org Subject: Re: ipfilter block an vhost name Message-ID: <bef897a5-347f-9c1e-49f8-0a89e800dae5@m5p.com> In-Reply-To: <4cb819068e68768a8ad32f558b2225464a823dba.camel@ft-c.de> References: <4cb819068e68768a8ad32f558b2225464a823dba.camel@ft-c.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On 6/13/23 16:01, ft wrote: > Hello > > It is possible to block all in and/or out packages from an url > with no logging > any ports (or http and https) > > It seem it is a vhost, the ip have more url. > > my example: > block in from "brigitte.de" to any > block out from "brigitte.de" to any > > > Franz > > At the packet filtering level, all ipfilter has to go on are the source and destination IP addresses in the packet itself. So even if 'block in from "brigitte.de" to any' is syntactically acceptable in your rule set (I believe it is not), it's still blocking on the IP address to which the name resolves, not on the name. -- George
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bef897a5-347f-9c1e-49f8-0a89e800dae5>