[Firehol-support] DNS-based blacklisting

Costa Tsaousis costa at tsaousis.gr
Fri Sep 10 21:53:30 BST 2004

Hi Daniel,

It is not possible (and at least not wise) for a firewall to have dynamic
actions based on external things, such as DNS, that will be queried in
real time for making a decision. Such dynamic actions should and are
implemented at an application level, like your mail server.


> I'm probably messing with something I shouldn't be here - but is there a
> way to have rejections based on a dynamic real-time blacklist (DNS
> lookup)?
> As an example - I may have a RBL I maintain for blocking e-mail
> spammers.  As I have no earthly reason to accept connections of any kind
> from these locations - I'm curious if I can block them at an IP level -
> before they ever reach my mail server.
> Daniel

More information about the Firehol-support mailing list