From owner-freebsd-questions@FreeBSD.ORG  Thu Feb 24 01:41:25 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id CBDFC16A4CE
	for <freebsd-questions@freebsd.org>;
	Thu, 24 Feb 2005 01:41:25 +0000 (GMT)
Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.207])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 265F043D53
	for <freebsd-questions@freebsd.org>;
	Thu, 24 Feb 2005 01:41:25 +0000 (GMT)
	(envelope-from jeff.wirth@gmail.com)
Received: by rproxy.gmail.com with SMTP id j1so146755rnf
	for <freebsd-questions@freebsd.org>;
	Wed, 23 Feb 2005 17:41:24 -0800 (PST)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
	s=beta; d=gmail.com;
	h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:references;
	b=sV8X5dI4NwEdCcWHyPmsqkeLLbcsdfJsjbMEly7wS8gb8WmGqajdUQoh1z9cWe0cdGlYh3IVUnyntl2rAxF0Fp1fP7VA7bhYpdXFFyHNwulS04u2nFaJZXyuE12peG5UhBZWHpaNBfDPauF7+Y9RTUZxdD3oyD87FOOm7I6swX0=
Received: by 10.38.14.69 with SMTP id 69mr58521rnn;
        Wed, 23 Feb 2005 16:45:58 -0800 (PST)
Received: by 10.38.181.68 with HTTP; Wed, 23 Feb 2005 16:45:58 -0800 (PST)
Message-ID: <5d2cf6920502231645279eb0b4@mail.gmail.com>
Date: Wed, 23 Feb 2005 19:45:58 -0500
From: Jeff With <jeff.wirth@gmail.com>
To: kalin mintchev <kalin@el.net>
In-Reply-To: <61288.68.165.89.73.1109204411.squirrel@68.165.89.73>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
References: <61245.68.165.89.73.1109201689.squirrel@68.165.89.73>
	 <20050223234302.GM253@dan.emsphone.com>
	 <61288.68.165.89.73.1109204411.squirrel@68.165.89.73>
cc: freebsd-questions@freebsd.org
Subject: Re: hosts.allow
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: Jeff With <jeff.wirth@gmail.com>
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Feb 2005 01:41:26 -0000

On Wed, 23 Feb 2005 19:20:11 -0500 (EST), kalin mintchev <kalin@el.net> wrote:
> >> Feb 23 17:21:05 bigdaddy named[85641]: client 218.19.160.163#64057:
> no such chances. the machine is not on my local network. on the network
> where this machine is there is no windows machines. and the 218.19.160.163
> is somewhere in china....
> 
> is there any other way to block it? except ipfw rules...
> 

BIND version 9.x (not sure on the exact version) and up supports ACLs.

example named.conf

acl china { 
  218.19.160.163; } ;

options {
   blackhole {china;};
};

- jeff