Re: ipfilter block an vhost name

From: George Mitchell <george+freebsd_at_m5p.com>
Date: Tue, 13 Jun 2023 20:17:52 UTC
On 6/13/23 16:01, ft wrote:
> Hello
> 
> It is possible to block all in and/or out packages from an url
> with no logging
> any ports (or http and https)
> 
> It seem it is a vhost, the ip have more url.
> 
> my example:
> block in  from "brigitte.de" to any
> block out from "brigitte.de" to any
> 
> 
> Franz
> 
> 
At the packet filtering level, all ipfilter has to go on are the
source and destination IP addresses in the packet itself.  So even
if 'block in from "brigitte.de" to any' is syntactically acceptable
in your rule set (I believe it is not), it's still blocking on the
IP address to which the name resolves, not on the name.     -- George