Hi, I wrote a Perl daemon to handle all these situations.
It resolves the server name and adds or deletes the IP(s) to a specific table. Maybe it's time to work on a package for ports.

Holger

> On 2011-09-08, Gerard Lally <ger...@netmail.ie> wrote:
>> Hi.
>>
>> First post. Beginner- to intermediate user.
>>
>> How does PF update a table with hostnames resolved by round-robin DNS?
>> Is it just the first DNS response that is added to the table, or
>> multiple DNS responses?
>
> $ echo 'match to facebook.com' | pfctl -nvf -
> match inet from any to 69.63.189.11
> match inet from any to 69.63.181.12
> match inet from any to 69.63.189.16
>
> It takes all records from the response, but doesn't track updates.
>
>> For example, is it possible to block a well-known social networking
>> site which resolves to multiple IP addresses, using a PF table
>> <socialnet> with just the hostname of the website?
>>
>> Yes, I do know this should be done with Squid, and I am using Squid for
>> this purpose, but I am inquiring just out of curiosity.
>
> Simpler to poison the DNS with your own local records for somedomain.com;
> preferably at the resolver, if not there then dnsspoof (in dsniff) might
> be workable.
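Holger's daemon re-resolves the name and adds or deletes addresses in the table, which is the part `pfctl -f` alone does not do. As an added example that is not his Perl code and not from the thread, here is the same idea in Python: it assumes pfctl(8) on PATH and root on the PF host, takes the table name and hostname as arguments, and only deletes an address after it has been missing from several consecutive answers, since a round-robin answer may contain just a subset of the records.

```python
import socket, subprocess, sys, time

PFCTL = "pfctl"  # assumption: pfctl(8) on PATH, script run as root on the PF host

def resolve_all(hostname):
    """Every A/AAAA address the resolver returns for hostname right now."""
    return {info[4][0] for info in socket.getaddrinfo(hostname, None)}

def parse_table_show(output):
    """Addresses printed by `pfctl -t <table> -T show`, one per line."""
    return {line.strip() for line in output.splitlines() if line.strip()}

class TableSyncer:
    """Mirror a hostname's current records into a PF table. Round-robin DNS may
    answer with a subset of the records, so an address is deleted only after
    it was absent from max_misses consecutive answers; adds are immediate."""

    def __init__(self, table, max_misses=3, run=subprocess.run):
        self.table, self.max_misses, self.run = table, max_misses, run
        self.misses = {}  # address -> consecutive answers it was missing from

    def plan(self, current, resolved):
        to_add, to_delete = sorted(resolved - current), []
        for addr in current:
            if addr in resolved:
                self.misses.pop(addr, None)
                continue
            self.misses[addr] = self.misses.get(addr, 0) + 1
            if self.misses[addr] >= self.max_misses:
                del self.misses[addr]
                to_delete.append(addr)
        return to_add, sorted(to_delete)

    def sync(self, resolved):
        """One poll: read the table, then apply the planned adds and deletes."""
        show = self.run([PFCTL, "-t", self.table, "-T", "show"],
                        capture_output=True, text=True, check=True)
        to_add, to_delete = self.plan(parse_table_show(show.stdout), resolved)
        if to_add:
            self.run([PFCTL, "-t", self.table, "-T", "add", *to_add], check=True)
        if to_delete:
            self.run([PFCTL, "-t", self.table, "-T", "delete", *to_delete], check=True)
        return to_add, to_delete

if __name__ == "__main__":  # usage: pftablesync.py <table> <hostname>
    syncer = TableSyncer(sys.argv[1])
    while True:  # poll every five minutes; tune this to the record's TTL
        syncer.sync(resolve_all(sys.argv[2]))
        time.sleep(300)
```

The `run` parameter exists so the pfctl calls can be swapped out when testing the add/delete logic on a host without PF.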