[Firehol-support] DNS-based blacklisting

Daniel L. Miller dmiller at amfes.com
Sat Sep 11 07:11:10 BST 2004


What about just defining a simple (though possibly long) list of 
external IPs to block?  Is there an easy way to do that?

>Hi Daniel,
>
>It is not possible (and at least not wise) for a firewall to have dynamic
>actions based on external things, such as DNS, that will be queried in
>real time for making a decision. Such dynamic actions should be, and are,
>implemented at an application level, like your mail server.
>
>Costa
>
>  
>
>>I'm probably messing with something I shouldn't be here - but is there a
>>way to have rejections based on a dynamic real-time blacklist (DNS
>>lookup)?
>>
>>As an example - I may have a RBL I maintain for blocking e-mail
>>spammers.  As I have no earthly reason to accept connections of any kind
>>from these locations - I'm curious if I can block them at an IP level -
>>before they ever reach my mail server.
>>
>>Daniel
>>    
>>



