On Tue, May 31, 2005 at 04:43:16PM +0200, Ivan Voras wrote:
> Is it possible to use ipfw to filter packets by domain name?
>
> What I need it for: I'd like to allow ssh logins only from a specific
> TLD (by reverse lookup...) - maybe there's another way?

Access control based on the reverse lookup of an IP address is a dangerous idea in general. Anyone who manages their own reverse DNS could bypass the security simply by creating a DNS entry. If someone controls the in-addr.arpa zone for a particular IP range, they can make those IPs resolve with any FQDN they want, even with domains they don't own.

Bruce Nikkel
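
Added example, not part of the original message: a PTR-only check beside a forward-confirmed check (the name from the reverse lookup must resolve back to the connecting address), which is one common way to detect the forged PTR record described above. All function names, host names and addresses are constructed for illustration; the sample tables stand in for real DNS so the comparison runs offline.

```python
import ipaddress
import socket

# Constructed sample data (documentation address ranges, reserved names).
# PTR records are published by whoever runs the in-addr.arpa zone for the range.
PTR = {
    "203.0.113.7": "gw.office.example",    # set by the range owner, who does not own the name
    "198.51.100.10": "gw.office.example",  # the host the name really belongs to
    "192.0.2.55": "dsl-55.isp.invalid",
}
# A records are published by whoever runs the forward zone for the name.
A = {
    "gw.office.example": ["198.51.100.10"],
    "dsl-55.isp.invalid": ["192.0.2.55"],
}

def sample_reverse(ip):
    return PTR.get(ip)

def sample_forward(name):
    return A.get(name, [])

def system_reverse(ip):
    """PTR lookup through the system resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Addresses the name resolves to; empty list on failure."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def in_suffix(name, suffix):
    """True if name is the suffix itself or a host below it (label boundary)."""
    name = name.rstrip(".").lower()
    suffix = suffix.strip(".").lower()
    return name == suffix or name.endswith("." + suffix)

def ptr_only_allowed(ip, suffix, reverse=system_reverse):
    """The check from the question: trusts whatever the PTR record says."""
    name = reverse(ip)
    return bool(name) and in_suffix(name, suffix)

def fcrdns_allowed(ip, suffix, reverse=system_reverse, forward=system_forward):
    """Forward-confirmed: the PTR name must also resolve back to the same IP."""
    name = reverse(ip)
    if not name or not in_suffix(name, suffix):
        return False
    want = ipaddress.ip_address(ip)
    return any(ipaddress.ip_address(a) == want for a in forward(name))
```

The forward confirmation only shows that the owner of the name also lists the address; anyone who legitimately holds a name under the allowed TLD still passes, so it does not replace key-based authentication or an address-based rule.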