Can ipfw Rules Be Based On DNS Name
Michael Sierchio
kudzu at tenebras.com
Wed Aug 11 20:26:10 UTC 2021
On Wed, Aug 11, 2021 at 1:05 PM Tim Daneliuk via freebsd-questions <freebsd-questions at freebsd.org> wrote:
> I have used ipfw for years to configure access at the IP address level.
>
> I now need to block a particular domain and all its subdomains from
> accessing anything on the server. Is this possible using the top level
> domain name rather than IPs (which appear to be fluid)?
>
Generally, no. Also, specifically, no. There isn't a way of solving the
problem as you've articulated it.
You can block entire countries by IP block. You can block a company's
entire CIDR block if it has one allocated. Tables make this easy.
You can create a cron job to do a whois on incoming traffic (if you're
logging it), and block if it's undesirable (add the block to your reject
table).
If you were concerned with outbound, rather than inbound traffic, I would
say sinkhole / blackhole DNS works.
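The log, whois and reject-table flow sketched in the reply, as an added dry-run example that is not part of this thread: it parses constructed ipfw log lines, stands in for whois(1) with constructed registry text, and prints the `ipfw table` commands instead of running them. The table name `reject`, the block pattern, the rule numbers and every address are assumptions.

```shell
# Added example (not from the thread): the log -> whois -> reject-table flow the
# reply sketches, as a dry run that only prints ipfw commands. Assumed one-time
# setup (FreeBSD 11+ named tables):  ipfw table reject create type addr
#                                    ipfw add 100 deny ip from 'table(reject)' to any in
# Table name, log lines, whois text and the block pattern are all constructed.
# Constructed ipfw syslog lines from a logging rule (rule 200 here).
SAMPLE_LOG='Aug 11 20:01:02 gw kernel: ipfw: 200 Accept TCP 203.0.113.5:51234 192.0.2.10:22 in via em0
Aug 11 20:01:07 gw kernel: ipfw: 200 Accept TCP 203.0.113.5:51240 192.0.2.10:22 in via em0
Aug 11 20:02:11 gw kernel: ipfw: 200 Accept UDP 198.51.100.77:53 192.0.2.10:53 in via em0
Aug 11 20:03:00 gw kernel: ipfw: 200 Accept TCP 192.0.2.10:22 203.0.113.5:51240 out via em0'

# Unique inbound source addresses (port stripped; ICMP lines carry none).
src_ips() {
    printf '%s\n' "$SAMPLE_LOG" | awk '
        { for (i = 1; i <= NF; i++)
              if ($i == "ipfw:" && $(i+6) == "in") {
                  ip = $(i+4); sub(/:[0-9]+$/, "", ip); print ip } }' | sort -u
}

# Stand-in for `whois "$1"`: constructed registry output so this runs offline.
whois_lookup() {
    case "$1" in
        203.0.113.*)  printf 'NetName:  DOC-NET-3\nCIDR:     203.0.113.0/24\nOrgName:  Example Org\n' ;;
        198.51.100.*) printf 'inetnum:  198.51.100.0 - 198.51.100.255\nroute:    198.51.100.0/24\ndescr:    Example ISP\n' ;;
        *) return 1 ;;
    esac
}

# Announced prefix: ARIN-style "CIDR:" or RIPE-style "route:" line.
prefix_of() {
    whois_lookup "$1" | awk '$1 == "CIDR:" || $1 == "route:" { print $2; exit }'
}

# Policy hook: the reply leaves "undesirable" to the operator; here it is a
# case-insensitive match on the whois text (constructed pattern).
BLOCK_PATTERN='Example Org'
is_undesirable() {
    whois_lookup "$1" | grep -qi "$BLOCK_PATTERN"
}

# Print the table additions; a real cron job would run them via ipfw(8).
block_commands() {
    for ip in $(src_ips); do
        if is_undesirable "$ip"; then printf 'ipfw table reject add %s\n' "$(prefix_of "$ip")"; fi
    done
    return 0
}
```

To turn this into the cron job from the reply, replace `whois_lookup` with a call to whois(1) on the real log file and pipe `block_commands` into `sh` instead of reading its output.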