Date:      Tue, 31 May 2005 19:48:33 +0200
From:      bruce@nikkel.com
To:        Ivan Voras <ivoras@fer.hr>, stable@freebsd.org
Subject:   Re: IP Firewalling by DNS name
Message-ID:  <20050531174833.GA24102@nikkel.com>
In-Reply-To: <429C7804.8040709@fer.hr>


On Tue, May 31, 2005 at 04:43:16PM +0200, Ivan Voras wrote:
> Is it possible to use ipfw to filter packets by domain name?
> 
> What I need it for: I'd like to allow ssh logins only from a specific 
> TLD (by reverse lookup...) - maybe there's another way?

Access control based on the reverse lookup of an IP address is a
dangerous idea in general. Anyone who manages their own reverse DNS
could bypass the security simply by creating a DNS entry. If someone
controls the in-addr.arpa zone for a particular IP range, they can make
those IPs resolve with any FQDN they want, even with domains they don't
own.

Bruce Nikkel
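
The forged-PTR case Bruce describes, and the forward-confirmed reverse DNS (FCrDNS) check that rejects it, as an added example that is not part of this thread; the DNS records are constructed tables standing in for real resolver calls, so it runs offline.

```python
# Added example: forward-confirmed reverse DNS (FCrDNS) versus a naive
# PTR-only check. DNS lookups are replaced by constructed tables so the
# example runs offline; swap in real resolver calls to use it for real.

# Constructed sample data, not real zones. Whoever controls the
# 113.0.203.in-addr.arpa zone has pointed 203.0.113.7 at a name under
# example.edu, a domain they do not own. 203.0.113.5 is a genuine host.
PTR_RECORDS = {
    "203.0.113.5": "host5.example.edu",
    "203.0.113.7": "admin.example.edu",      # forged reverse entry
}
A_RECORDS = {
    "host5.example.edu": {"203.0.113.5"},
    "admin.example.edu": {"198.51.100.20"},  # where the name really points
}


def tld_of(name):
    """Return the lowercase top-level label of a DNS name."""
    return name.rstrip(".").rsplit(".", 1)[-1].lower()


def naive_allowed(ip, tld, ptr=PTR_RECORDS):
    """The check proposed in the thread: trust the PTR record alone."""
    name = ptr.get(ip)
    return name is not None and tld_of(name) == tld.lower()


def fcrdns_name(ip, ptr=PTR_RECORDS, a=A_RECORDS):
    """Return the reverse name only if it forward-resolves back to ip.

    A forged PTR fails here because the forger does not control the
    forward zone, so the A records for the name never include ip.
    """
    name = ptr.get(ip)
    if name is None or ip not in a.get(name, set()):
        return None
    return name


def fcrdns_allowed(ip, tld, ptr=PTR_RECORDS, a=A_RECORDS):
    """Allow only when the forward-confirmed name sits under tld."""
    name = fcrdns_name(ip, ptr, a)
    return name is not None and tld_of(name) == tld.lower()


if __name__ == "__main__":
    for ip in ("203.0.113.5", "203.0.113.7", "203.0.113.9"):
        print(ip, "naive:", naive_allowed(ip, "edu"),
              "fcrdns:", fcrdns_allowed(ip, "edu"))
```

Forward confirmation only proves that the owner of the forward zone agreed to the mapping; it narrows the trust to that zone's operator rather than to anyone with an in-addr.arpa delegation.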
