Great Mukund!
Can i have the patch to try?!
Thank you!
Francesco
________________________________________
Da: Mukund Sivaraman [m...@isc.org]
Inviato: mercoledì 13 maggio 2015 17.47
A: Job
Cc: bind-users@lists.isc.org
Oggetto: Re: R: RPZ and client matching
Hi Job
On Mon, May 11, 2015 at 01:49:54AM +0200, Job wrote:
> Hello,
>
> >>You can use a combination of rpz-client-ip. trigger and
> >>rpz-passthru. action to achieve either effect.
>
> i notice i can define a policy and then, with rpz-passtru, i can make
> exceptions for client. But i did not find how to write a policy, for
> example resolve with "127.0.0.1" *.playboy.com, and assigning this
> policy to one or more client ip.
>
> Is there a way?
>
> I would not like to use views because, behind some blacklists some
> millions of records long, without the possibility to reuse rpz-zone
> between views (in-view is not working with rpz), memory overuse would
> be a big problem!
We have prepared a branch that adds an "rpz-skipzone." policy action
that, when matched by the trigger, behaves as if the current policy zone
is disabled, and proceeds to the next one. It is still in the early
stages, but it may be released in 9.11.
With "rpz-skipzone.", you can match some clients to skip to the next
policy zone and handle them separately there. I'll let you know once it
is merged to master in case you want to try it.
Mukund
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
