From owner-freebsd-security Thu Mar 16 12:15:42 2000 Delivered-To: freebsd-security@freebsd.org Received: from ptldpop3.ptld.uswest.net (ptldpop3.ptld.uswest.net [198.36.160.3]) by hub.freebsd.org (Postfix) with SMTP id 5B1A737BCDD for ; Thu, 16 Mar 2000 12:15:39 -0800 (PST) (envelope-from wwoods@cybcon.com) Received: (qmail 56090 invoked by alias); 16 Mar 2000 20:14:33 -0000 Delivered-To: fixup-freebsd-security@FreeBSD.ORG@fixme Received: (qmail 56072 invoked by uid 0); 16 Mar 2000 20:14:32 -0000 Received: from unknown (HELO laptop.cybcon.com) (63.163.56.238) by pop.ptld.uswest.net with SMTP; 16 Mar 2000 20:14:32 -0000 Content-Length: 1605 Message-ID: X-Mailer: XFMail 1.4.0 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <3.0.5.32.20000316144216.00c94ac0@marble.sentex.ca> Date: Thu, 16 Mar 2000 12:12:28 -0800 (PST) Reply-To: bwoods2@uswest.net From: William Woods To: Mike Tancsa Subject: Re: IPFW...1 more question..... Cc: freebsd-security@FreeBSD.ORG, bwoods2@uswest.net Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hmmmm, well, I have a list of .com's that I want to block access totally, what would be the most effective way then, .htaccess would just block web, and I want a bit more totality than that. On 16-Mar-00 Mike Tancsa wrote: > At 11:34 AM 3/16/00 -0800, William Woods wrote: >>This firewall rule, >> >>ipfw add 001 deny log ip from aol.com/24 to alpha.cybcon.com >> >>am I correct in assuming that this will block ALL traffic from aol.com to >>alpha.cybcon.com and log it? > > No. You need to specify IP ranges for ipfw to work. Putting in aol.com > will just block whatever A record comes up for the host aol.com. It sounds > like using libwrap (aka tcp_wrapper) might get what you want, or even > things like .htaccess if you want to block website access. However, this > will not always work either, as some of AOL's outsourced dialup might have > PTR records of the outsourcing company, and not aol.com. > > ---Mike > > ------------------------------------------------------------------------ > Mike Tancsa, tel +1 519 651 3400 > Network Administrator, mike@sentex.net > Sentex Communications www.sentex.net > Cambridge, Ontario Canada ---------------------------------- E-Mail: bwoods2@uswest.net Date: 16-Mar-00 Time: 12:10:41l ---------------------------------- NOTICE TO BULK E-MAILERS: Pursuant to US Code, Title 47, Chapter 5, Subchapter II, 227, and all unsolicited commercial e-mail sent to this address is subject to a download and archival fee in the amount of $500 US To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message