From owner-freebsd-security Thu Mar 16 11:44:51 2000
Delivered-To: freebsd-security@freebsd.org
Received: from vinyl.sentex.ca (vinyl.sentex.ca [209.112.4.14]) by hub.freebsd.org (Postfix) with ESMTP id 1EBC237C3E6 for ; Thu, 16 Mar 2000 11:44:49 -0800 (PST) (envelope-from mike@sentex.ca)
Received: from simoeon (simeon.sentex.ca [209.112.4.47]) by vinyl.sentex.ca (8.9.3/8.9.3) with SMTP id OAA76048; Thu, 16 Mar 2000 14:44:46 -0500 (EST) (envelope-from mike@sentex.ca)
Message-Id: <3.0.5.32.20000316144216.00c94ac0@marble.sentex.ca>
X-Sender: mdtpop@marble.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32)
Date: Thu, 16 Mar 2000 14:42:16 -0500
To: bwoods2@uswest.net, freebsd-security@FreeBSD.ORG
From: Mike Tancsa
Subject: Re: IPFW...1 more question.....
In-Reply-To:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 11:34 AM 3/16/00 -0800, William Woods wrote:
>This firewall rule,
>
>ipfw add 001 deny log ip from aol.com/24 to alpha.cybcon.com
>
>am I correct in assuming that this will block ALL traffic from aol.com to
>alpha.cybcon.com and log it?

No. You need to specify IP ranges for ipfw to work. Putting in aol.com will
just block whatever A record comes up for the host aol.com. It sounds like
using libwrap (aka tcp_wrapper) might get what you want, or even things like
.htaccess if you want to block website access. However, this will not always
work either, as some of AOL's outsourced dialup might have PTR records of the
outsourcing company, and not aol.com.

	---Mike
------------------------------------------------------------------------
Mike Tancsa,                          tel +1 519 651 3400
Network Administrator,                mike@sentex.net
Sentex Communications                 www.sentex.net
Cambridge, Ontario Canada
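
Added example (not part of the original message, and not ipfw or tcp_wrappers code): a small Python model of the two points in the reply, that a hostname in a rule stands for one resolved address rather than a provider's whole address space, and that name-based matching misses clients whose PTR records name an outsourcer. All hostnames, addresses and ranges below are constructed placeholders, and the resolve-once, first-A-record behaviour is an assumption of the model.

```python
import ipaddress

# Constructed data: documentation-range addresses stand in for a provider's
# pools; names under example.com / example.net are placeholders.
A_RECORDS = {"isp.example.com": ["192.0.2.10"]}       # what the name resolves to
CLIENTS = {                                            # client IP -> PTR name
    "192.0.2.77":   "web2.isp.example.com",            # same /24 as the A record
    "198.51.100.5": "dial-5.isp.example.com",          # provider's own dial-up pool
    "203.0.113.9":  "port9.outsourcer.example.net",    # outsourced dial-up pool
}
PROVIDER_RANGES = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"]


def hostname_rule_network(spec):
    """Network a 'host/len' source spec covers once the name is resolved.

    Assumption: the name is looked up once, when the rule is added, and the
    mask is applied to the first A record returned.
    """
    host, _, masklen = spec.partition("/")
    first_a = A_RECORDS[host][0]
    return ipaddress.ip_network(f"{first_a}/{masklen or 32}", strict=False)


def blocked_by_networks(networks):
    """Clients an address-based rule matches for the given CIDR blocks."""
    nets = [ipaddress.ip_network(n) for n in networks]
    return sorted(ip for ip in CLIENTS
                  if any(ipaddress.ip_address(ip) in n for n in nets))


def blocked_by_ptr_suffix(suffix):
    """Clients a name-based rule matches, in the style of a '.domain' pattern."""
    return sorted(ip for ip, ptr in CLIENTS.items() if ptr.endswith(suffix))


if __name__ == "__main__":
    net = hostname_rule_network("isp.example.com/24")
    print("hostname rule covers:", net)
    print("  blocks:", blocked_by_networks([str(net)]))
    print("explicit ranges block:", blocked_by_networks(PROVIDER_RANGES))
    print("PTR suffix blocks:", blocked_by_ptr_suffix(".isp.example.com"))
```

Only the explicit list of ranges covers all three constructed clients; the hostname rule covers one /24, and the PTR-suffix match misses the outsourced pool.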