From owner-freebsd-security Thu Mar 16 12:20:23 2000 Delivered-To: freebsd-security@freebsd.org Received: from vinyl.sentex.ca (vinyl.sentex.ca [209.112.4.14]) by hub.freebsd.org (Postfix) with ESMTP id 2A0BC37C1B2 for ; Thu, 16 Mar 2000 12:20:14 -0800 (PST) (envelope-from mike@sentex.ca) Received: from simoeon (simeon.sentex.ca [209.112.4.47]) by vinyl.sentex.ca (8.9.3/8.9.3) with SMTP id PAA82567; Thu, 16 Mar 2000 15:20:11 -0500 (EST) (envelope-from mike@sentex.ca) Message-Id: <3.0.5.32.20000316151740.0217d280@marble.sentex.ca> X-Sender: mdtpop@marble.sentex.ca X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Thu, 16 Mar 2000 15:17:40 -0500 To: bwoods2@uswest.net From: Mike Tancsa Subject: Re: IPFW...1 more question..... Cc: freebsd-security@FreeBSD.ORG In-Reply-To: References: <3.0.5.32.20000316144216.00c94ac0@marble.sentex.ca> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 12:12 PM 3/16/00 -0800, William Woods wrote: >Hmmmm, well, I have a list of .com's that I want to block access totally, what >would be the most effective way then, .htaccess would just block web, and I >want a bit more totality than that. With .htaccess for apache, and all the services in /etc/hosts.allow that can be wrapped, what is missing for you ? ---Mike > >On 16-Mar-00 Mike Tancsa wrote: >> At 11:34 AM 3/16/00 -0800, William Woods wrote: >>>This firewall rule, >>> >>>ipfw add 001 deny log ip from aol.com/24 to alpha.cybcon.com >>> >>>am I correct in assuming that this will block ALL traffic from aol.com to >>>alpha.cybcon.com and log it? >> >> No. You need to specify IP ranges for ipfw to work. Putting in aol.com >> will just block whatever A record comes up for the host aol.com. It sounds >> like using libwrap (aka tcp_wrapper) might get what you want, or even >> things like .htaccess if you want to block website access. However, this >> will not always work either, as some of AOL's outsourced dialup might have >> PTR records of the outsourcing company, and not aol.com. >> >> ---Mike >> >> ------------------------------------------------------------------------ >> Mike Tancsa, tel +1 519 651 3400 >> Network Administrator, mike@sentex.net >> Sentex Communications www.sentex.net >> Cambridge, Ontario Canada > > >---------------------------------- >E-Mail: bwoods2@uswest.net >Date: 16-Mar-00 >Time: 12:10:41l >---------------------------------- > >NOTICE TO BULK E-MAILERS: Pursuant to US Code, Title 47, Chapter 5, >Subchapter II, 227, and all unsolicited commercial e-mail sent to this >address is subject to a download and archival fee in the amount of $500 US > > > ------------------------------------------------------------------------ Mike Tancsa, tel +1 519 651 3400 Network Administrator, mike@sentex.net Sentex Communications www.sentex.net Cambridge, Ontario Canada To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message