Date: Wed, 11 Aug 2021 19:18:24 -0500
From: Tim Daneliuk <tundra@tundraware.com>
To: FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject: Re: Can ipfw Rules Be Based On DNS Name
Message-ID: <07064513-2e56-d4f7-54aa-8a7d12755402@tundraware.com>
In-Reply-To: <CAD=pOf=85A5kFp1PEN72QdJs5G7tpr_daFMuHqy65bX%2B78oHsg@mail.gmail.com>
References: <ac332bfe-314a-ac76-eeb4-f0111bac4d0d@tundraware.com> <CAD=pOf=85A5kFp1PEN72QdJs5G7tpr_daFMuHqy65bX%2B78oHsg@mail.gmail.com>

On 8/11/21 6:37 PM, Nathaniel Nigro wrote:
> Ipfw -q add 111 deny udp from (domain) to any(or local ip) (port) in via
> (interface) keep-state Doesn’t work?

Not the way I want. At the time the rule is applied, (domain) is resolved and replaced with a single IP address. I want to block everything coming from any IP in that domain.

Or ... so I thought ... what is actually going on the deeper I look is that the various scammer/spammer/sleazebags are representing themselves as a legitimate domain, hoping to forward their DNS requests through our servers. We have that tightened down so these get rejected, but it does make our logs very noisy:

    11-Aug-2021 14:17:10.819 security: info: client @0x8032b3b60 51.89.223.6#55252 (pizzaseo.com): view external: query (cache) 'pizzaseo.com/RRSIG/IN' denied

I know of no way to stop this since these requests come from a large and unpredictable set of IPs.
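Added example, not part of the original message: since a hostname in an ipfw rule is resolved to one address when the rule is loaded, this sketch instead takes the client addresses from denied-query log lines like the one quoted above and builds commands that load them into an ipfw lookup table. The table name `dnsdenied`, the rule number, the threshold and every sample line other than the quoted one are assumptions; UDP source addresses can be forged, so the generated list should be reviewed before it is applied.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Matches named "security" channel lines like the one quoted in the message.
DENIED = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(\S+)#\d+ \([^)]*\): .*query \(cache\) '[^']*' denied")

def denied_clients(lines):
    """Count denied cache queries per client address (IPv4 or IPv6)."""
    counts = Counter()
    for line in lines:
        m = DENIED.search(line)
        if not m:
            continue  # unrelated log line
        try:
            counts[str(ip_address(m.group(1)))] += 1
        except ValueError:
            continue  # client field is not a valid address; skip it
    return counts

def ipfw_commands(counts, threshold=2, table="dnsdenied", rule=111):
    """Build ipfw commands that drop UDP port 53 traffic from repeat offenders.
    Table name, rule number and threshold are assumptions for this example."""
    ips = sorted(ip for ip, n in counts.items() if n >= threshold)
    cmds = [f"ipfw table {table} create type addr"]
    cmds += [f"ipfw table {table} add {ip}" for ip in ips]
    cmds.append(f"ipfw -q add {rule} deny udp from 'table({table})' to me 53 in")
    return cmds

# Constructed sample input: the first address is the one in the quoted log
# line; the others are documentation-range addresses made up for the example.
_FMT = ("11-Aug-2021 14:17:10.819 security: info: client @0x8032b3b60 {}#55252 "
        "(pizzaseo.com): view external: query (cache) 'pizzaseo.com/RRSIG/IN' denied")
SAMPLE = [_FMT.format(ip) for ip in
          ("51.89.223.6", "51.89.223.6", "198.51.100.7",
           "2001:db8::53", "2001:db8::53")]
SAMPLE.append("11-Aug-2021 14:17:11.000 general: info: running")

if __name__ == "__main__":
    print("\n".join(ipfw_commands(denied_clients(SAMPLE))))
```

Packets dropped by the table rule never reach named, so they no longer produce "denied" log entries.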