From owner-freebsd-questions  Sat Jun 19  6:38:28 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from seamud.oz.net (sense-samz-230.oz.net [216.39.153.230])
	by hub.freebsd.org (Postfix) with ESMTP id 38CFC14E42
	for <freebsd-questions@FreeBSD.ORG>; Sat, 19 Jun 1999 06:38:26 -0700 (PDT)
	(envelope-from samz@oz.net)
Received: from sam (sam.seamud.oz.net [10.0.0.2])
	by seamud.oz.net (8.9.3/8.9.3) with SMTP id GAA00774
	for <freebsd-questions@FreeBSD.ORG>; Sat, 19 Jun 1999 06:38:26 -0700 (PDT)
	(envelope-from samz@oz.net)
Message-Id: <4.1.19990619063443.00928290@mail.oz.net>
X-Sender: samz@mail.oz.net (Unverified)
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 
Date: Sat, 19 Jun 1999 06:38:25 -0700
To: freebsd-questions@FreeBSD.ORG
From: Sam Zamarripa <samz@oz.net>
Subject: IPFW Questions
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

2 quick questions.

1. I'm running a DNS server for my internal LAN..but I do not want people
on the outside using it. Will using IPFW to block INCOMING tcp/udp to port
53 prevent DNS from working?

2. I understand how you block an IP and even a CLASS C...but what about a
DOMAIN? Here's what I mean specifically. Let's say I want to DENY a BIG
site from accessing my machines. Let's for example use microsoft.com. Well
simply IPFW deny'ing microsoft.com, will get only 1 of their Class
C's..when microsoft.com has tons of IP Blocks. Is there anyway to block a
domain short of figuring out each and every class C an ISP has?

Thanks.

Sam



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message