[Firehol-support] DNS-based blacklisting
Daniel L. Miller
dmiller at amfes.com
Sat Sep 11 07:11:10 BST 2004
What about just defining a simple (though possibly long) list of
external IPs to block? Is there an easy way to do that?
>Hi Daniel,
>
>It is not possible (and at least not wise) for a firewall to have dynamic
>actions based on external things, such as DNS, that will be queried in
>real time for making a decision. Such dynamic actions should and are
>implemented at an application level, like your mail server.
>
>Costa
>
>
>
>>I'm probably messing with something I shouldn't be here - but is there a
>>way to have rejections based on a dynamic real-time blacklist (DNS
>>lookup)?
>>
>>As an example - I may have an RBL I maintain for blocking e-mail
>>spammers. As I have no earthly reason to accept connections of any kind
>>from these locations - I'm curious if I can block them at an IP level -
>>before they ever reach my mail server.
>>
>>Daniel
>>
>>
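
The static-list approach asked about at the top of this message, as an added example that is not part of the original thread and not FireHOL's own code: it validates a long list of addresses offline, refuses entries that overlap networks that must never be blocked, and collapses the rest into the fewest CIDR blocks before they go into firewall rules. The function name, the never-block list and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Networks that must never end up in a block rule (assumed policy, adjust locally).
NEVER_BLOCK = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
               "127.0.0.0/8", "169.254.0.0/16"]

# Constructed sample input: documentation ranges plus deliberately bad lines.
SAMPLE = """\
# constructed sample blocklist
198.51.100.7
198.51.100.6
203.0.113.0/25
203.0.113.128/25
192.168.1.10
127.0.0.1
not-an-ip
198.51.100.7   # duplicate
"""

def build_blocklist(text, protected=()):
    """Parse one IPv4 address or CIDR per line.

    Returns (networks, rejected): networks is a sorted, collapsed list of
    IPv4Network objects; rejected is a list of (line_number, entry, reason).
    `protected` holds extra addresses or networks (e.g. the admin host)
    that an entry is not allowed to overlap.
    """
    guard = [ipaddress.IPv4Network(p, strict=False)
             for p in list(NEVER_BLOCK) + list(protected)]
    nets, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not entry:
            continue
        try:
            net = ipaddress.IPv4Network(entry, strict=False)
        except ValueError:
            rejected.append((lineno, entry, "not an IPv4 address or CIDR"))
            continue
        hit = next((g for g in guard if net.overlaps(g)), None)
        if hit is not None:
            rejected.append((lineno, entry, "overlaps protected %s" % hit))
            continue
        nets.append(net)
    # collapse_addresses removes duplicates and merges adjacent blocks.
    return list(ipaddress.collapse_addresses(nets)), rejected

if __name__ == "__main__":
    networks, bad = build_blocklist(SAMPLE)
    print("block:", " ".join(str(n) for n in networks))
    for lineno, entry, reason in bad:
        print("skipped line %d (%s): %s" % (lineno, entry, reason))
```

Rejected entries are reported with their line numbers so the list can be corrected at its source rather than silently skipped.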