From owner-freebsd-questions Sat Jun 19 09:07:32 1999
Date: Sat, 19 Jun 1999 11:08:10 -0500 (EST)
From: Alfred Perlstein
To: Sam Zamarripa
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: IPFW Questions
In-Reply-To: <4.1.19990619063443.00928290@mail.oz.net>

On Sat, 19 Jun 1999, Sam Zamarripa wrote:

> 2 quick questions.
>
> 1. I'm running a DNS server for my internal LAN..but I do not want people
> on the outside using it. Will using IPFW to block INCOMING tcp/udp to port
> 53 prevent DNS from working?
>
> 2. I understand how you block an IP and even a CLASS C...but what about a
> DOMAIN? Here's what I mean specifically. Let's say I want to DENY a BIG
> site from accessing my machines. Let's for example use microsoft.com. Well
> simply IPFW deny'ing microsoft.com, will get only 1 of their Class
> C's..when microsoft.com has tons of IP Blocks. Is there anyway to block a
> domain short of figuring out each and every class C an ISP has?

/usr/ports/security/tcpwrappers

-Alfred Perlstein - [bright@rush.net|bright@wintelcom.net]
systems administrator and programmer
Win Telecom - http://www.wintelcom.net/