[Firehol-support] DNS-based blacklisting

Costa Tsaousis costa at tsaousis.gr
Fri Sep 10 22:53:30 CEST 2004


Hi Daniel,

It is not possible (and at least not wise) for a firewall to have dynamic
actions based on external things, such as DNS, that will be queried in
real time for making a decision. Such dynamic actions should be and are
implemented at an application level, like your mail server.

Costa

> I'm probably messing with something I shouldn't be here - but is there a
> way to have rejections based on a dynamic real-time blacklist (DNS
> lookup)?
>
> As an example - I may have an RBL I maintain for blocking e-mail
> spammers.  As I have no earthly reason to accept connections of any kind
> from these locations - I'm curious if I can block them at an IP level -
> before they ever reach my mail server.
>
> Daniel
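
An application-level DNSBL check of the kind the reply points to, as an added example that is not part of the original thread or of FireHOL. It assumes the usual DNSBL layout (RFC 5782: reversed address labels under the zone, answers in 127.0.0.0/8); the zone `rbl.example.test`, the function names and the sample zone data are constructed for illustration.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")  # DNSBL answer range (RFC 5782)

def dnsbl_query_name(ip, zone):
    """Query name for ip in a DNSBL zone: reversed octets (v4) or nibbles (v6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone.strip(".")

def system_resolve(name):
    """A records via the system resolver; [] when the name does not exist."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return []
        raise  # timeout, SERVFAIL, ...: let the caller see the failure
    return sorted({info[4][0] for info in infos})

def check_dnsbl(ip, zone, resolve=system_resolve):
    """Return (verdict, answers); verdict is listed, not-listed or lookup-failed."""
    try:
        answers = resolve(dnsbl_query_name(ip, zone))
    except OSError:
        return "lookup-failed", []
    if not answers:
        return "not-listed", []
    # An answer outside 127.0.0.0/8 means a parked or wildcarded zone, not a listing.
    if any(ipaddress.ip_address(a) not in LOOPBACK for a in answers):
        return "lookup-failed", answers
    return "listed", answers

# Constructed zone data standing in for DNS so the example runs offline.
SAMPLE_ZONE = {
    "99.2.0.192.rbl.example.test": ["127.0.0.2"],
    "7.100.51.198.rbl.example.test": ["203.0.113.10"],
}

def sample_resolve(name):
    return SAMPLE_ZONE.get(name, [])

if __name__ == "__main__":
    for peer in ("192.0.2.99", "192.0.2.1", "198.51.100.7"):
        print(peer, check_dnsbl(peer, "rbl.example.test", sample_resolve))
```

The three verdicts keep the policy decision with the application: a mail server can reject on `listed` and choose separately whether `lookup-failed` should accept or defer the connection.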





