Re: ipchains
- To: Alon Oz <alon(at-nospam)linuxqa.com>
- Subject: Re: ipchains
- From: Jonathan Ben-Avraham <benavrhm(at-nospam)tcltek.co.il>
- Date: Mon, 25 Dec 2000 14:46:56 +0200 (IST)
- cc: ILUG <linux-il(at-nospam)linux.org.il>
- Delivered-To: linux-il-linux-il@linux.org.il
- In-Reply-To: <3A473DD8.4058D2E8@linuxqa.com>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
On Mon, 25 Dec 2000, Alon Oz wrote:
> Jonathan Ben-Avraham wrote:
> >
> > On Mon, 25 Dec 2000, Alon Oz wrote:
> >
> > > Jonathan Ben-Avraham wrote:
> > > >
> > > > On Mon, 25 Dec 2000, System1 wrote:
> > > >
> > > > >
> > > > > Hi,
> > > > > we are using here IPChains Firewall.
> > > > > Is there any way to block a complete domain such as *.icq.com ?
> > > >
> > > > No, not with ipchains, because -s accepts only a hostname, network address
> > > > or plain IP address
> > > >
> > > You dig all the domains under icq.com and add block rules for it in a
> > > loop.
> >
> > Very nice.
> > How do I write the loop?
>
> 1. I just checked icq.com and you cannot dig the domains under it.
> 2. You have another option: nslookup icq.com returns 3 ip addresses,
> scan these blocks for .icq.com pattern and block the ones you find,
> it's not perfect but it's better than nothing
> and I assume it will solve your problem.
> You can write the script with any scripting language
> (you can search the web for shell scripting tutorial)
Ok, but my experience with these IPs is that they change every year or
so. So isn't it better to block at the service level and not at the IP
level?
- yba
EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA ~. .~ TclTek Ltd.
=}-------------------------------------------------ooO--U--Ooo-----------{=
- benavrhm@tcltek.co.il - tel: +972.52.670.353, http://www.tcltek.co.il -
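
The loop asked about in this thread, as an added example that is not part of any poster's message: it filters reverse-lookup results for names under a domain and prints ipchains DENY rules into a dedicated chain, flushing that chain first so a re-run after the addresses change replaces the old rules. The chain name blkdom, the "IP HOSTNAME" input format and the sample addresses (documentation ranges) are assumptions made for the example.

```shell
#!/bin/sh
# Added example: turn reverse-DNS results into ipchains DENY rules.
# stdin:  "IP HOSTNAME" pairs, one per line (e.g. gathered with nslookup).
# stdout: ipchains commands, printed for review rather than executed.
#
# One-time setup on the firewall (run by hand):
#   ipchains -N blkdom
#   ipchains -I input 1 -j blkdom

CHAIN=blkdom    # hypothetical user-defined chain name

gen_rules() {
    awk -v dom="$1" -v chain="$CHAIN" '
        BEGIN {
            dom = tolower(dom); suffix = "." dom
            # Flush first so addresses that no longer resolve are dropped.
            print "ipchains -F " chain
        }
        {
            ip = $1; host = tolower($2)
            sub(/\.$/, "", host)              # strip the root dot
            # Skip anything that is not a dotted-quad address.
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            # Keep the domain itself or names ending in ".<domain>";
            # a plain substring test would also hit noticq.com.
            n = length(host) - length(suffix)
            if (host != dom && (n < 1 || substr(host, n + 1) != suffix)) next
            if (seen[ip]++) next              # one rule per address
            print "ipchains -A " chain " -d " ip " -j DENY"
        }'
}

# Constructed sample input; addresses are from documentation ranges.
sample_ptr() {
    cat <<'EOF'
192.0.2.10   login.icq.com
192.0.2.11   WWW.ICQ.COM.
192.0.2.12   noticq.com
198.51.100.5 icq.com.example.net
192.0.2.10   web.icq.com
198.51.100.9 icq.com
EOF
}

sample_ptr | gen_rules icq.com
```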