On 2011-09-08, Gerard Lally <ger...@netmail.ie> wrote:
> Hi.
>
> First post. Beginner- to intermediate user.
>
> How does PF update a table with hostnames resolved by round-robin DNS?
> Is it just the first DNS response that is added to the table, or
> multiple DNS responses?
$ echo 'match to facebook.com' | pfctl -nvf -
match inet from any to 69.63.189.11
match inet from any to 69.63.181.12
match inet from any to 69.63.189.16

It takes all records from the response, but doesn't track updates.

> For example, is it possible to block a well-known social networking
> site which resolves to multiple IP addresses, using a PF table
> <socialnet> with just the hostname of the website?
>
> Yes, I do know this should be done with Squid, and I am using Squid for
> this purpose, but I am inquiring just out of curiosity.

Simpler to poison the DNS with your own local records for somedomain.com; preferably at the resolver, if not there then dnsspoof (in dsniff) might be workable.
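The reply above makes the key point: PF resolves a hostname once, when the rule or table is loaded, keeps every A record from that one answer, and never re-resolves. The usual way to follow a round-robin name over time is therefore a persist table refreshed from cron. The script below is an added example written for this thread, not something posted by either participant. It assumes pf.conf declares the table as "table <socialnet> persist" with a block rule that references it, that dig(1) is installed, and that the table name can be overridden through the hypothetical TABLE environment variable; the hostnames and addresses in the test data are constructed.

```shell
#!/bin/sh
# Added example (not from the original thread): keep a PF table in sync
# with round-robin DNS by re-resolving the names on a schedule (cron).
# Assumes pf.conf contains:  table <socialnet> persist
# and a rule such as:        block out quick to <socialnet>
# TABLE is a hypothetical override for the example, not a pfctl option.

TABLE=${TABLE:-socialnet}

# Keep only IPv4 dotted quads from "dig +short" output. CNAME targets,
# comments and timeouts are dropped, so a strange or malicious answer can
# never smuggle an arbitrary token onto the pfctl command line.
filter_ipv4() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | sort -u
}

# All current A records for one name (the whole answer, not just the first).
resolve_host() {
    dig +short A "$1" | filter_ipv4
}

# Union of the A records for every name given on the command line.
resolve_all() {
    for h in "$@"; do
        resolve_host "$h"
    done | sort -u
}

# Read an address list on stdin and replace the table contents with it.
# "-T replace" adds new addresses and drops stale ones in one step, unlike
# "-T add", which would only ever grow the table as the round robin rotates.
# PFCTL is a hypothetical override so the command can be dry-run (PFCTL=echo).
refresh_table() {
    addrs=$(filter_ipv4)
    if [ -z "$addrs" ]; then
        echo "refresh_table: no addresses resolved, leaving <$TABLE> unchanged" >&2
        return 1
    fi
    # shellcheck disable=SC2086   (word splitting of $addrs is intended)
    ${PFCTL:-pfctl} -t "$TABLE" -T replace $addrs
}

# Usage from cron, e.g. every five minutes:
#   */5 * * * * /usr/local/sbin/pf-dns-refresh.sh facebook.com www.facebook.com
if [ "$#" -gt 0 ]; then
    resolve_all "$@" | refresh_table
fi
```

Two caveats a practitioner would want. First, pfctl itself accepts hostnames in "-T replace", so the resolution could be left to it; doing it in the script instead lets you decide which records are trusted (here only IPv4 A records) and refuse to empty the table when resolution fails, which would otherwise silently unblock the site. Second, this only ever catches the addresses your resolver happens to return; a large site rotates through far more than one answer, which is why the reply suggests handling the name at the DNS layer instead.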