Hi there,

In the pf.conf man page, it is stated that it's possible to write inside a rule 
a hostname instead of an IP address and the resolver will take care of 
converting the hostname into its IP address when the pf process loads its 
configuration file.

The problem arises when a particular hostname has many IP addresses, as in 
the case of "google.com", "gmail.com" etc., and the IP address that "google.com" 
- for instance - is now resolved to (at the time that the user navigates his 
Internet browser to "google.com") isn't in the list of the IP addresses that 
the resolver put in the rule when the pf configuration file was loaded.

Now assuming that I have created a rule that looks something like this:

'block from any to "google.com"'

The hostname "google.com" isn't blocked, since its current IP differs from its 
previous IP when pf loaded the rule. What can I do in order to be able to 
block such sites (with many IP addresses)?

Regards, 

Atar.
_______________________________________________
freebsd-pf@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
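
The load-time behaviour described in the message above, modelled as an added example (not part of the original post and not pf code): the rule keeps only the addresses returned when the ruleset was loaded, so later DNS answers fall outside it. The resolver class, the hostname `blocked.example` and all addresses are constructed for illustration.

```python
import ipaddress
from itertools import cycle

# Constructed sample data: three rotating answer sets for one hostname
# (documentation-range addresses, not real DNS records).
ROTATION = [
    ["192.0.2.10", "192.0.2.11"],
    ["192.0.2.11", "198.51.100.7"],
    ["203.0.113.5", "2001:db8::5"],
]

class RotatingResolver:
    """Hypothetical stand-in for DNS: each lookup returns the next answer set."""
    def __init__(self, answers):
        self._answers = cycle(answers)

    def resolve(self, hostname):
        return [ipaddress.ip_address(a) for a in next(self._answers)]

class LoadedBlockRule:
    """Models 'block from any to <hostname>' after the ruleset is loaded:
    the hostname is gone, only the addresses seen at load time remain."""
    def __init__(self, hostname, resolver):
        self.hostname = hostname
        self.addresses = frozenset(resolver.resolve(hostname))

    def blocks(self, dst):
        return ipaddress.ip_address(dst) in self.addresses

def simulate(hostname, resolver, lookups):
    """Load the rule once, then let a client resolve and connect `lookups`
    times. Returns (destination, blocked) for each address handed out."""
    rule = LoadedBlockRule(hostname, resolver)
    results = []
    for _ in range(lookups):
        for dst in resolver.resolve(hostname):
            results.append((str(dst), rule.blocks(dst)))
    return results

def missed(results):
    """Destinations the client was given that the loaded rule did not cover."""
    return sorted({dst for dst, blocked in results if not blocked})

if __name__ == "__main__":
    res = simulate("blocked.example", RotatingResolver(ROTATION), lookups=2)
    for dst, blocked in res:
        print(f"{dst:15} {'blocked' if blocked else 'PASSED'}")
    print("not covered:", missed(res))
```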
